o5r/plan9port
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3873 commits 1 branch 0 tags 27 MiB
Commit graph

11 commits

Author SHA1 Message Date
Igor Böhm
d92ac2d1b4 libdraw: fix out-of-bounds access to local buffer in event.c:startrpc() 
The function `startrpc()` stack allocates a local buffer of size 100:

```c
static Muxrpc*
startrpc(int type)
{
	uchar buf[100];
	      ^^^^^^^^
	Wsysmsg w;

	w.type = type;
	convW2M(&w, buf, sizeof buf);
	return muxrpcstart(display->mux, buf);
}
```

The function `convW2M()` is called passing `buf`. That function accesses
`buf` out-of-bounds:

```c
uint
convW2M(Wsysmsg *m, uchar *p, uint n)
{
  ...
  case Tcursor2:
    PUT(p+6, m->cursor.offset.x);
    PUT(p+10, m->cursor.offset.y);
    memmove(p+14, m->cursor.clr, sizeof m->cursor.clr);
    memmove(p+46, m->cursor.set, sizeof m->cursor.set);
    PUT(p+78, m->cursor2.offset.x);
    PUT(p+82, m->cursor2.offset.y);
    memmove(p+86, m->cursor2.clr, sizeof m->cursor2.clr);
    memmove(p+214, m->cursor2.set, sizeof m->cursor2.set);
    p[342] = m->arrowcursor;
    ^^^^^^
```

To fix the issue the size of local variable `buf` is increased from 100
to 512 to avoid out-of-bounds array access.
 2022-07-26 12:12:05 -04:00
Russ Cox
d25d0ca1a3 devdraw, libdraw: handle keyboard runes > U+FFFF 
Runes in Plan 9 were limited to the 16-bit BMP when I drew up
the RPC protocol between graphical programs and devdraw
a long time ago. Now that they can be 32-bit, use a 32-bit wire
encoding too. A new message number to avoid problems with
other clients (like 9fans.net/go).

Add keyboard shortcut alt : , for U+1F602, face with tears of joy,
to test that it all works.
 2020-05-18 23:45:03 -04:00
Dan Cross
fa325e9b42 Trivial changes: whitespace and modes. 
Remote whitespace at the ends of lines.
Remove blank lines from the ends of files.
Change modes on source files so that they
are not executable.

Signed-off-by: Dan Cross <cross@gajendra.net>
 2020-01-10 14:54:30 +00:00
Russ Cox
8581c2b567 libdraw: add Cursor2, a 32x32 high-res cursor 
Also add setcursor2, esetcursor2, and draw protocol encoding.
Calls to the old setcursor, esetcursor create a 32x32 by
pixel doubling when needed.
 2018-11-15 20:39:35 -05:00
Russ Cox
54bebe6a69 libdraw: add visibleclicks mode 
R=rsc
http://codereview.appspot.com/6501137
 2012-09-17 12:39:49 -04:00
Russ Cox
0a98a883d5 libdraw: fix spinning event loop (David Bulkow) 2008-01-10 21:38:42 -05:00
rsc
33da33e72b block instead of chewing cpu in eread (Lu Xuxiao) 2006-11-05 14:43:52 +00:00
rsc
3a19470202 In non-blocking recv functions in libmux and libdraw, 
distinguish between "cannot receive without blocking"
and "EOF on connection".

In libmux, do not elect async guys muxers, so that
synchronous RPC calls run in the main event loop
(e.g., in eresized) do not get stuck.

Fixes problem reported by Lu Xuxiao, namely that
jpg etc. would spin at 100% cpu usage.
 2006-11-04 18:46:00 +00:00
rsc
150f88023b event 2006-06-25 21:04:07 +00:00
rsc
74dc60da74 bye 2006-06-25 18:59:29 +00:00
rsc
76193d7cb0 Initial revision 2003-09-30 17:47:42 +00:00