stack: Fix a crasher from a buffer overrun
The code that restacks X11 windows at the end first tracks any old windows we know about, and then handles any windows created. It starts when it ended, and then walks forwards and then back looking for the first X11 window it doesn't know about. However, when there aren't any X11 windows, it flies off the end of the array and starts looking through random memory. When it finds the X11 window, it then goes through and then tries to restack the remaining windows according to how we've sorted them. Unfortunately, META_WINDOW_CLIENT_TYPE_X11 is 0, which is quite common in random memory we have lying around, so we enter that path and then just crash. Fix the buffer overrun by adding the proper bounds check to the search. You can easily reproduce this by opening a menu while bloatpad is full-screen. Why it only crashes when full-screen and not when a standard window, I have no idea.
This commit is contained in:
parent
862d57d459
commit
becce7afa0
@ -1508,7 +1508,7 @@ stack_sync_to_xserver (MetaStack *stack)
|
||||
if (x_ref->any.type != META_WINDOW_CLIENT_TYPE_X11)
|
||||
{
|
||||
for (x_ref = newp;
|
||||
x_ref->any.type != META_WINDOW_CLIENT_TYPE_X11 && x_ref > new_stack;
|
||||
x_ref->any.type != META_WINDOW_CLIENT_TYPE_X11 && x_ref < new_end;
|
||||
x_ref++)
|
||||
;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user