aboutsummaryrefslogtreecommitdiff
path: root/xcursor/xcursor.c
AgeCommit message (Collapse)Author
2022-01-31xcursor: garbage collect XcursorLibraryLoadImagesVlad Zahorodnii
XcursorLibraryLoadImages is unused, let's drop it. Same as [1]. [1]: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/206 Co-authored-by: Simon Ser <contact@emersion.fr>
2021-05-02xcursor: fix CVE-2013-2003Tobias Stoeckmann
The libXcursor fix for CVE-2013-2003 has never been imported into wlroots, leaving it vulnerable to it. Changing the argument type to an unsigned type is an effective merge of Ilja Van Sprundel's commit in libXcursor. Proof of Concept (compile with address sanitizer): $ mkdir -p ~/.local/share/icons/poc/cursors $ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \ ~/.local/share/icons/poc/cursors/poc $ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config $ sway -c ~/poc-config
2021-04-13xcursor: use memcpy() to append string of known sizeYuya Nishihara
Since len <= strlen(elt) is known, we don't need a str*() function. Let's simply do memcpy() to suppress linter false positive. Fixes #2777.
2021-04-13Revert "xcursor: use strncat instead of strncpy"Yuya Nishihara
This reverts commit 7dffe9339bf8a92a556098d86712c4c38ac95226, which introduced another linter error with -O3: error: ‘strncat’ specified bound 7 equals source length [-Werror=stringop-overflow=] This makes sense because strncat(dest, "cursors", strlen("cursors")) is moot in security point of view. The next commit will replace strncpy() with memcpy(), so let's restore the original implementation.
2021-03-08xcursor: use strncat instead of strncpyLukas Märdian
strncat appends '\0' automatically and avoids the stringop-truncation warning/error
2021-03-08Fix false positive -Wstringop-truncationLukas Märdian
Fix false positive stringop-truncation warning/error with GCC 10 on s390x by indicating GCC to explicitly ignore this case, as it is clearly a false positive (NUL is set in the following line). This allow the compilation to succeed with -Werror on. Fixes: https://github.com/swaywm/wlroots/issues/2018
2020-09-01Fix undefined behaviorValentin
Without the casts the bytes accesses get converted to int. but int is not guaranteed to be 4 bytes large. Even when it is 4 bytes large `bytes[3] << 24` does not fit because int is signed.
2020-06-26xcursor: add xorg-x11 and cursors path to XCURSORPATHKirill Chibisov
This should match default XCURSORPATH, which is used by libwayland-cursor and other xcursor loading libraries more closely.
2018-11-27xcursor: Support XDG user data dir locationCosimo Cecchi
Nowadays ~/.icons is not used anymore as the preferred location for custom user icon themes; XDG_DATA_HOME/icons (aka ~/.local/share/icons) is what toolkits like GTK prefer. Prepend that location to the default xcursor path, so that cursor themes installed there can be used by apps and toolkits that use libXcursor. Port of https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/src?id=2263c196cb0dcb8547b378df7b35f83b8b99c01e
2018-11-27xcursor: fix crash when encountering cursor themes with circular dependenciesPhilipp Ludwig
Port of https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/src?id=f64a8cc1a65dcad4294e2988b402a34175019663
2018-11-06xcursor: Fix heap overflows when parsing malicious filesTobias Stoeckmann
It is possible to trigger heap overflows due to an integer overflow while parsing images. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. See also: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 https://gitlab.freedesktop.org/wayland/wayland/commit/5d201df72f3d4f4cb8b8f75f980169b03507da38
2018-02-12Reformat all #include directivesemersion
2017-08-07Add xcursor sublibraryDrew DeVault