From 97d8ea8119ace155e34ee708ae67ab25d7a0f2b5 Mon Sep 17 00:00:00 2001 From: Camilla Berglund Date: Tue, 27 Oct 2015 23:01:02 +0100 Subject: [PATCH] Fix decoding overrun in UTF-8 XIM path --- README.md | 1 + src/x11_window.c | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d189474d..a96386a2 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ used by the tests and examples and are not required to build the library. - Removed dependency on external OpenGL or OpenGL ES headers - [Cocoa] Removed support for OS X 10.6 - [X11] Bugfix: Monitor connection and disconnection events were not reported + - [X11] Bugfix: Decoding of UTF-8 text from XIM could continue past the end - [WGL] Removed dependency on external WGL headers - [GLX] Replaced legacy renderable with `GLXWindow` - [GLX] Removed dependency on external GLX headers diff --git a/src/x11_window.c b/src/x11_window.c index e6c71d16..5154c72a 100644 --- a/src/x11_window.c +++ b/src/x11_window.c @@ -896,17 +896,17 @@ static void processEvent(XEvent *event) int count; Status status; #if defined(X_HAVE_UTF8_STRING) - char buffer[96]; + char buffer[100]; char* chars = buffer; count = Xutf8LookupString(window->x11.ic, &event->xkey, - buffer, sizeof(buffer), + buffer, sizeof(buffer) - 1, NULL, &status); if (status == XBufferOverflow) { - chars = calloc(count, 1); + chars = calloc(count + 1, 1); count = Xutf8LookupString(window->x11.ic, &event->xkey, chars, count, @@ -916,6 +916,7 @@ static void processEvent(XEvent *event) if (status == XLookupChars || status == XLookupBoth) { const char* c = chars; + chars[count] = '\0'; while (c - chars < count) _glfwInputChar(window, decodeUTF8(&c), mods, plain); }