xcb-util/icccm: fix divide-by-zero fpe

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

xcb-util/icccm: fix divide-by-zero fpe

David Coppa
Hi again,

Windows of type _NET_WM_WINDOW_TYPE_DOCK have reply->format = 0,
thus causing a division by zero floating-point exception.

I found this the hard way trying to run "dzen2 -dock" under i3.

The very funny thing is that this bug doesn't even show up in linux! :)
It has been proven again that OpenBSD is the best platform to develop
C code on...

References:

http://lists.freedesktop.org/archives/xcb/2010-March/005651.html

http://cgit.freedesktop.org/xcb/util/commit/?id=14679bb8b07a1f56788da457fadc32e6354e89bf

It's already in upstream git. Patch for xenocara tree following

ciao,
david


Fix division by zero in

length = xcb_get_property_value_length(reply) / (reply->format / 8);

And also use the new macro where it should be used.

Index: icccm.c
===================================================================
RCS file: /cvs/xenocara/dist/xcb-util/icccm/icccm.c,v
retrieving revision 1.5
diff -N -u -p icccm.c
--- icccm.c 7 Mar 2010 15:51:34 -0000 1.5
+++ icccm.c 12 Mar 2010 08:35:23 -0000
@@ -418,8 +418,7 @@ xcb_get_property_cookie_t
 xcb_get_wm_size_hints(xcb_connection_t *c, xcb_window_t window,
                       xcb_atom_t property)
 {
-  /* NumPropSizeElements = 18 (ICCCM version 1). */
-  return xcb_get_property(c, 0, window, property, WM_SIZE_HINTS, 0L, 18);
+  return xcb_get_property(c, 0, window, property, WM_SIZE_HINTS, 0L, XCB_NUM_WM_SIZE_HINTS_ELEMENTS);
 }
 
 xcb_get_property_cookie_t
@@ -427,7 +426,7 @@ xcb_get_wm_size_hints_unchecked(xcb_connection_t *c, x
                                 xcb_atom_t property)
 {
   return xcb_get_property_unchecked(c, 0, window, property, WM_SIZE_HINTS,
-                                    0L, 18);
+                                    0L, XCB_NUM_WM_SIZE_HINTS_ELEMENTS);
 }
 
 uint8_t
@@ -439,13 +438,11 @@ xcb_get_wm_size_hints_from_reply(xcb_size_hints_t *hin
   if(!reply)
     return 0;
 
-  length = xcb_get_property_value_length(reply) / (reply->format / 8);
-
   if (!(reply->type == WM_SIZE_HINTS &&
-         reply->format == 32 &&
-        /* OldNumPropSizeElements = 15 (pre-ICCCM) */
-        length >= 15))
+         reply->format == 32))
     return 0;
+
+  length = xcb_get_property_value_length(reply) / (reply->format / 8);
 
   if (length > XCB_NUM_WM_SIZE_HINTS_ELEMENTS)
     length = XCB_NUM_WM_SIZE_HINTS_ELEMENTS;