52f6d0ba20
discovered by Ilja van Sprundel. CVE-2013-1981 X.org libX11 1.5.99.901 (1.6 RC1) integer overflows CVE-2013-1982 X.org libXext 1.3.1 integer overflows CVE-2013-1983 X.org libXfixes 5.0 integer overflows CVE-2013-1984 X.org libXi 1.7.1 integer overflows CVE-2013-1985 X.org libXinerama 1.1.2 integer overflows CVE-2013-1986 X.org libXrandr 1.4.0 integer overflows CVE-2013-1987 X.org libXrender 0.9.7 integer overflows CVE-2013-1988 X.org libXRes 1.0.6 integer overflows CVE-2013-1989 X.org libXv 1.0.7 integer overflows CVE-2013-1990 X.org libXvMC 1.0.7 integer overflows CVE-2013-1991 X.org libXxf86dga 1.1.3 integer overflows CVE-2013-1992 X.org libdmx 1.1.2 integer overflows CVE-2013-1994 X.org libchromeXvMC & libchromeXvMCPro in openChrome 0.3.2 integer overflows CVE-2013-1995 X.org libXi 1.7.1 sign extension issues CVE-2013-1996 X.org libFS 1.0.4 sign extension issues CVE-2013-1997 X.org libX11 1.5.99.901 (1.6 RC1) buffer overflows CVE-2013-1998 X.org libXi 1.7.1 buffer overflows CVE-2013-1999 X.org libXvMC 1.0.7 buffer overflows CVE-2013-2000 X.org libXxf86dga 1.1.3 buffer overflows CVE-2013-2001 X.org libXxf86vm 1.1.2 buffer overflows CVE-2013-2002 X.org libXt 1.1.3 buffer overflows CVE-2013-2003 X.org libXcursor 1.1.13 integer overflows CVE-2013-2004 X.org libX11 1.5.99.901 (1.6 RC1) unbounded recursion CVE-2013-2005 X.org libXt 1.1.3 memory corruption CVE-2013-2066 X.org libXv 1.0.7 buffer overflows
82 lines
2.4 KiB
C
82 lines
2.4 KiB
C
/*
|
|
|
|
Copyright 1986, 1998 The Open Group
|
|
|
|
Permission to use, copy, modify, distribute, and sell this software and its
|
|
documentation for any purpose is hereby granted without fee, provided that
|
|
the above copyright notice appear in all copies and that both that
|
|
copyright notice and this permission notice appear in supporting
|
|
documentation.
|
|
|
|
The above copyright notice and this permission notice shall be included in
|
|
all copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
|
|
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
Except as contained in this notice, the name of The Open Group shall not be
|
|
used in advertising or otherwise to promote the sale, use or other dealings
|
|
in this Software without prior written authorization from The Open Group.
|
|
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
#include "Xlibint.h"
|
|
#include <limits.h>
|
|
|
|
XTimeCoord *XGetMotionEvents(
|
|
register Display *dpy,
|
|
Window w,
|
|
Time start,
|
|
Time stop,
|
|
int *nEvents) /* RETURN */
|
|
{
|
|
xGetMotionEventsReply rep;
|
|
register xGetMotionEventsReq *req;
|
|
XTimeCoord *tc = NULL;
|
|
LockDisplay(dpy);
|
|
GetReq(GetMotionEvents, req);
|
|
req->window = w;
|
|
/* XXX is this right for all machines? */
|
|
req->start = start;
|
|
req->stop = stop;
|
|
if (!_XReply (dpy, (xReply *)&rep, 0, xFalse)) {
|
|
UnlockDisplay(dpy);
|
|
SyncHandle();
|
|
return (NULL);
|
|
}
|
|
|
|
if (rep.nEvents && (rep.nEvents < (INT_MAX / sizeof(XTimeCoord))))
|
|
tc = Xmalloc(rep.nEvents * sizeof(XTimeCoord));
|
|
if (tc == NULL) {
|
|
/* server returned either no events or a bad event count */
|
|
*nEvents = 0;
|
|
_XEatDataWords (dpy, rep.length);
|
|
}
|
|
else
|
|
{
|
|
register XTimeCoord *tcptr;
|
|
unsigned int i;
|
|
xTimecoord xtc;
|
|
|
|
*nEvents = (int) rep.nEvents;
|
|
for (i = rep.nEvents, tcptr = tc; i > 0; i--, tcptr++) {
|
|
_XRead (dpy, (char *) &xtc, SIZEOF (xTimecoord));
|
|
tcptr->time = xtc.time;
|
|
tcptr->x = cvtINT16toShort (xtc.x);
|
|
tcptr->y = cvtINT16toShort (xtc.y);
|
|
}
|
|
}
|
|
|
|
UnlockDisplay(dpy);
|
|
SyncHandle();
|
|
return (tc);
|
|
}
|
|
|