From e160babe3f3d82718f1d015db3e07b469f731aff Mon Sep 17 00:00:00 2001
From: Rui Matos
Date: Wed, 11 May 2016 18:07:49 +0200
Subject: [PATCH] keybindings: Avoid using unitialized memory and grabbing random keys

meta_parse_accelerator() considers 0 length accelerator strings as valid, meaning that the keybinding should be disabled. Unfortunately, it doesn't initialize the MetaKeyCombo so if the caller doesn't initialize it either, we end up using random values and possibly grabbing random keys.
https://bugzilla.gnome.org/show_bug.cgi?id=766270
---
 src/core/keybindings.c | 4 ++--
 src/core/meta-accel-parse.c | 10 +++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/core/keybindings.c b/src/core/keybindings.c
index 2a8063eb5..ed34aea30 100644
--- a/src/core/keybindings.c
+++ b/src/core/keybindings.c
@@ -1379,8 +1379,8 @@ meta_display_grab_accelerator (MetaDisplay *display,
 MetaKeyBindingManager *keys = &display->key_binding_manager;
 MetaKeyBinding *binding;
 MetaKeyGrab *grab;
- MetaKeyCombo combo;
- MetaResolvedKeyCombo resolved_combo;
+ MetaKeyCombo combo = { 0 };
+ MetaResolvedKeyCombo resolved_combo = { 0 };
 if (!meta_parse_accelerator (accelerator, &combo))
 {
diff --git a/src/core/meta-accel-parse.c b/src/core/meta-accel-parse.c
index 9cea4887e..6f3c912bb 100644
--- a/src/core/meta-accel-parse.c
+++ b/src/core/meta-accel-parse.c
@@ -326,6 +326,10 @@ gboolean
 meta_parse_accelerator (const char *accel,
 MetaKeyCombo *combo)
 {
+ g_return_val_if_fail (combo != NULL, FALSE);
+
+ *combo = (MetaKeyCombo) { 0 };
+
 if (!accel[0] || strcmp (accel, "disabled") == 0)
 return TRUE;
@@ -336,7 +340,11 @@ gboolean
 meta_parse_modifier (const char *accel,
 MetaVirtualModifier *mask)
 {
- MetaKeyCombo combo;
+ MetaKeyCombo combo = { 0 };
+
+ g_return_val_if_fail (mask != NULL, FALSE);
+
+ *mask = 0;
 if (accel == NULL || !accel[0] || strcmp (accel, "disabled") == 0)
 return TRUE;
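Review bot: The new initializers `MetaKeyCombo combo = { 0 };` and `MetaResolvedKeyCombo resolved_combo = { 0 };` carry no comment saying why they are zeroed, and the reason is a contract with the parser: per the commit message, meta_parse_accelerator() returns TRUE for an empty string without describing any key. A short comment such as `/* Zeroed: an empty or "disabled" accelerator parses successfully and must yield an all-zero combo, never stack contents. */` would keep a later cleanup from dropping the initializers as redundant. The rest of meta_display_grab_accelerator lies outside the hunk, so it is worth confirming that the code after the parse call refuses to install a grab when the combo is all zeroes.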
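Review bot: `accel` is still dereferenced unchecked in `if (!accel[0] || strcmp (accel, "disabled") == 0)`, even though this commit adds a NULL precondition for `combo` just above it and the sibling meta_parse_modifier() in the next hunk already tests `accel == NULL`. If any caller can hand in a NULL accelerator string, the process would crash here instead of treating the binding as disabled. The condition should read `if (accel == NULL || !accel[0] || strcmp (accel, "disabled") == 0)` so that both parsers accept the same inputs. The function body continues past the end of the hunk.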
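Review bot: `*mask = 0;` now runs before any parsing, so the caller's mask is cleared on every return path that follows it, presumably including a FALSE return for an unparsable string. A caller that pre-loads a default modifier and does not check the return value would silently end up with no modifier at all. That out-parameter contract should be written down above meta_parse_modifier(), for example `/* *mask is always written: it stays 0 unless a modifier was parsed successfully. */`. The part of the function that fills the mask lies outside the hunk, so the exact wording should be checked against it.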