Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/kde-plasma/kwin/files/kwin-5.27.6-fix-locale1-use-after-free-xkb_keymap.patch
diff options
context:
space:
mode:
Diffstat (limited to 'kde-plasma/kwin/files/kwin-5.27.6-fix-locale1-use-after-free-xkb_keymap.patch')
-rw-r--r--kde-plasma/kwin/files/kwin-5.27.6-fix-locale1-use-after-free-xkb_keymap.patch57
1 files changed, 57 insertions, 0 deletions
diff --git a/kde-plasma/kwin/files/kwin-5.27.6-fix-locale1-use-after-free-xkb_keymap.patch b/kde-plasma/kwin/files/kwin-5.27.6-fix-locale1-use-after-free-xkb_keymap.patch
new file mode 100644
index 000000000000..6fcd3af4cfda
--- /dev/null
+++ b/kde-plasma/kwin/files/kwin-5.27.6-fix-locale1-use-after-free-xkb_keymap.patch
@@ -0,0 +1,57 @@
+From 2d09d7961b09693aa56a99eb3ba9680e84192936 Mon Sep 17 00:00:00 2001
+From: Aleksei Bavshin <alebastr89@gmail.com>
+Date: Fri, 23 Jun 2023 03:14:09 -0700
+Subject: [PATCH] locale1: fix use-after-free in xkb_keymap creation
+
+qPrintable creates temporary objects that are destroyed before
+`xkb_keymap_new_from_names` is called. It's highly likely that the data
+we pass to xkbcommon will be overwritten by random data by that point.
+
+Fix that by storing values as QByteArrays just like
+`Xkb::loadKeymapFromConfig` does.
+
+
+(cherry picked from commit f70bda9f6de2d38ae3859afb3f96cad1e9c47590)
+---
+ src/xkb.cpp | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/src/xkb.cpp b/src/xkb.cpp
+index 4a5f72d940a..b3bb5e77252 100644
+--- a/src/xkb.cpp
++++ b/src/xkb.cpp
+@@ -250,16 +250,24 @@ xkb_keymap *Xkb::loadKeymapFromLocale1()
+ {
+ OrgFreedesktopDBusPropertiesInterface locale1Properties(s_locale1Interface, "/org/freedesktop/locale1", QDBusConnection::systemBus(), this);
+ const QVariantMap properties = locale1Properties.GetAll(s_locale1Interface);
+- const QString layouts = properties["X11Layout"].toString();
++
++ const QByteArray model = properties["X11Model"].toByteArray();
++ const QByteArray layout = properties["X11Layout"].toByteArray();
++ const QByteArray variant = properties["X11Variant"].toByteArray();
++ const QByteArray options = properties["X11Options"].toByteArray();
++
+ xkb_rule_names ruleNames = {
+- nullptr,
+- qPrintable(properties["X11Model"].toString()),
+- qPrintable(layouts),
+- qPrintable(properties["X11Variant"].toString()),
+- qPrintable(properties["X11Options"].toString()),
++ .rules = nullptr,
++ .model = model.constData(),
++ .layout = layout.constData(),
++ .variant = variant.constData(),
++ .options = options.constData(),
+ };
++
+ applyEnvironmentRules(ruleNames);
+- m_layoutList = layouts.split(QLatin1Char(','));
++
++ m_layoutList = QString::fromLatin1(ruleNames.layout).split(QLatin1Char(','));
++
+ return xkb_keymap_new_from_names(m_context, &ruleNames, XKB_KEYMAP_COMPILE_NO_FLAGS);
+ }
+
+--
+GitLab
+