From 23e6e8e4b7ffe8f7604bd4f6ad1b183d0927bfe2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Camilla=20L=C3=B6wy?=
Date: Mon, 18 Apr 2022 23:22:25 +0200
Subject: [PATCH] X11: Fix segfault on malformed INCR response

The code assumed that at least some data would be received via the INCR mechanism and that, as a result, the string buffer would be allocated. Bug found by Clang static analysis.
---
 README.md | 1 +
 src/x11_window.c | 13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 3b57f9b5..67d57a2f 100644
--- a/README.md
+++ b/README.md
@@ -290,6 +290,7 @@ information on what to include when reporting a bug.
 - [X11] Bugfix: Dynamic loading on NetBSD failed due to soname differences
 - [X11] Bugfix: Left shift of int constant relied on undefined behavior (#1951)
 - [X11] Bugfix: The OSMesa libray was not unloaded on termination
+ - [X11] Bugfix: A malformed response during selection transfer could cause a segfault
 - [Wayland] Added dynamic loading of all Wayland libraries
 - [Wayland] Added support for key names via xkbcommon
 - [Wayland] Added support for file path drop events (#2040)
diff --git a/src/x11_window.c b/src/x11_window.c
index b77162b5..85b844a1 100644
--- a/src/x11_window.c
+++ b/src/x11_window.c
@@ -985,13 +985,16 @@ static const char* getSelectionString(Atom selection)
 if (!itemCount)
 {
- if (targets[i] == XA_STRING)
+ if (string)
 {
- *selectionString = convertLatin1toUTF8(string);
- _glfw_free(string);
+ if (targets[i] == XA_STRING)
+ {
+ *selectionString = convertLatin1toUTF8(string);
+ _glfw_free(string);
+ }
+ else
+ *selectionString = string;
 }
- else
- *selectionString = string;
 break;
 }
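Review bot: When `string` is NULL the new guard skips both assignments, so `*selectionString` keeps whatever value it held before this block, and the hunk does not show that value being reset. getSelectionString starts and ends outside the hunk, so please confirm that the pointer is cleared to NULL before the transfer loop and that an empty INCR transfer ends in a reported failure rather than a stale string being returned. Since the INCR chunks come from whichever client owns the selection, a short comment above the guard would help the next reader, for example `// string is still NULL if the owner ended the INCR transfer without sending any data`.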