locale1: fix use-after-free in xkb_keymap creation
qPrintable creates temporary objects that are destroyed before `xkb_keymap_new_from_names` is called. It's highly likely that the data we pass to xkbcommon will be overwritten by random data by that point. Fix that by storing values as QByteArrays just like `Xkb::loadKeymapFromConfig` does.
This commit is contained in:
Aleksei Bavshin
parent
cd94cdaf3a
commit
f70bda9f6d
1 changed files with 15 additions and 7 deletions
22
src/xkb.cpp
22
src/xkb.cpp
|
|
@ -246,16 +246,24 @@ xkb_keymap *Xkb::loadKeymapFromLocale1()
|
|||
{
|
||||
OrgFreedesktopDBusPropertiesInterface locale1Properties(s_locale1Interface, "/org/freedesktop/locale1", QDBusConnection::systemBus(), this);
|
||||
const QVariantMap properties = locale1Properties.GetAll(s_locale1Interface);
|
||||
const QString layouts = properties["X11Layout"].toString();
|
||||
|
||||
const QByteArray model = properties["X11Model"].toByteArray();
|
||||
const QByteArray layout = properties["X11Layout"].toByteArray();
|
||||
const QByteArray variant = properties["X11Variant"].toByteArray();
|
||||
const QByteArray options = properties["X11Options"].toByteArray();
|
||||
|
||||
xkb_rule_names ruleNames = {
|
||||
nullptr,
|
||||
qPrintable(properties["X11Model"].toString()),
|
||||
qPrintable(layouts),
|
||||
qPrintable(properties["X11Variant"].toString()),
|
||||
qPrintable(properties["X11Options"].toString()),
|
||||
.rules = nullptr,
|
||||
.model = model.constData(),
|
||||
.layout = layout.constData(),
|
||||
.variant = variant.constData(),
|
||||
.options = options.constData(),
|
||||
};
|
||||
|
||||
applyEnvironmentRules(ruleNames);
|
||||
m_layoutList = layouts.split(QLatin1Char(','));
|
||||
|
||||
m_layoutList = QString::fromLatin1(ruleNames.layout).split(QLatin1Char(','));
|
||||
|
||||
return xkb_keymap_new_from_names(m_context, &ruleNames, XKB_KEYMAP_COMPILE_NO_FLAGS);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue