From 65b8c4a46b104b2e36ce5dcc8561dc3a96a22012 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Camilla=20L=C3=B6wy?=
Date: Mon, 18 Apr 2022 23:22:25 +0200
Subject: [PATCH] X11: Fix segfault on malformed INCR response
The code assumed that at least some data would be received via the INCR mechanism and that, as a result, the string buffer would be allocated. Bug found by Clang static analysis.
(cherry picked from commit 23e6e8e4b7ffe8f7604bd4f6ad1b183d0927bfe2)
---
 README.md | 1 +
 src/x11_window.c | 13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 0e18c811..bcd2d70d 100644
--- a/README.md
+++ b/README.md
@@ -134,6 +134,7 @@ information on what to include when reporting a bug.
 - [Cocoa] Bugfix: A connected Apple AirPlay would emit a useless error (#1791)
 - [Cocoa] Bugfix: The EGL and OSMesa libraries were not unloaded on termination
 - [X11] Bugfix: The OSMesa libray was not unloaded on termination
+ - [X11] Bugfix: A malformed response during selection transfer could cause a segfault
 - [Wayland] Added support for file path drop events (#2040)
 - [Wayland] Bugfix: `glfwSetClipboardString` would fail if set to result of `glfwGetClipboardString`
diff --git a/src/x11_window.c b/src/x11_window.c
index fc081486..331652ec 100644
--- a/src/x11_window.c
+++ b/src/x11_window.c
@@ -1049,13 +1049,16 @@ static const char* getSelectionString(Atom selection)
 if (!itemCount)
 {
- if (targets[i] == XA_STRING)
+ if (string)
 {
- *selectionString = convertLatin1toUTF8(string);
- free(string);
+ if (targets[i] == XA_STRING)
+ {
+ *selectionString = convertLatin1toUTF8(string);
+ free(string);
+ }
+ else
+ *selectionString = string;
 }
- else
- *selectionString = string;
 break;
 }
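Review bot: When `string` is NULL, the new `if (string)` guard in the src/x11_window.c hunk skips both assignments and falls through to `break`, so `*selectionString` keeps whatever value it had before the loop. The hunk does not show that value being reset, and getSelectionString starts and ends outside it, so it is worth confirming the pointer is cleared earlier and that the caller treats a NULL result as "no data". The INCR chunks are supplied by another X client and should be treated as untrusted input. Stating the contract at the guard would help the next reader, for example `// string is NULL if the INCR transfer ended without delivering any data; *selectionString is left as it was before the loop`.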