From: Li Qiang
To: kraxel@redhat.com
Cc: Li Qiang, qemu-devel@nongnu.org
Date: Thu, 15 Nov 2018 01:04:23 -0800
Message-Id: <1542272663-6619-1-git-send-email-liq3ea@gmail.com>
Subject: [Qemu-devel] [PATCH] keymaps: detect recursive keyboard layout file
Content-Transfer-Encoding: quoted-printable

When parse_keyboard_layout() finds an "include " line in the keyboard layout file, it will call parse_keyboard_layout() to perform a recursive parse. If the keyboard layout is malformed by adding a line that includes itself, this can cause an infinite parse, thus causing qemu a segv. This patch avoids this.

Signed-off-by: Li Qiang

--- ui/keymaps.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/ui/keymaps.c b/ui/keymaps.c index 085889b555..564893a9f3 100644 --- a/ui/keymaps.c +++ b/ui/keymaps.c @@ -38,6 +38,8 @@ struct kbd_layout_t { GHashTable *hash; }; =20 +GList *keyboard_files; + static int get_keysym(const name2keysym_t *table, const char *name) { @@ -80,6 +82,11 @@ static void add_keysym(char *line, int keysym, int keyco= de, kbd_layout_t *k) trace_keymap_add(keysym, keycode, line); } =20 +static gint compare_string(gconstpointer a, gconstpointer b) +{ + return g_strcmp0(a, b); +} + static int parse_keyboard_layout(kbd_layout_t *k, const name2keysym_t *table, const char *language, Error **errp) 
@@ -94,12 +101,18 @@ static int parse_keyboard_layout(kbd_layout_t *k, filename =3D qemu_find_file(QEMU_FILE_TYPE_KEYMAP, language); trace_keymap_parse(filename); f =3D filename ? fopen(filename, "r") : NULL; - g_free(filename); if (!f) { + g_free(filename); error_setg(errp, "could not read keymap file: '%s'", language); return -1; } =20 + if (g_list_find_custom(keyboard_files, filename, compare_string)) { + error_setg(errp, "find recursive keyboard layout: %s'", filename); + g_free(filename); + return -1; + } + keyboard_files =3D g_list_append(keyboard_files, filename); for(;;) { if (fgets(line, 1024, f) =3D=3D NULL) { break; @@ -168,6 +181,8 @@ static int parse_keyboard_layout(kbd_layout_t *k, ret =3D 0; out: fclose(f); + keyboard_files =3D g_list_remove(keyboard_files, filename); + g_free(filename); return ret; } =20 --=20 2.11.0
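
Review bot: in the first hunk (@@ -38,6 +38,8 @@), `GList *keyboard_files;` is declared without `static`, so the list gets external linkage although the diffstat shows only ui/keymaps.c touching it; make it `static GList *keyboard_files;`. The list only tracks the files that are open on the current parse_keyboard_layout() recursion stack, so passing it down as a parameter would avoid file-scope mutable state altogether, and a one-line comment saying what it holds would help the next reader.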
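
Review bot: in the @@ -94,12 +101,18 @@ hunk, the new recursion check returns -1 after fopen() has already succeeded and never calls `fclose(f)`, so every detected recursive include leaks a FILE handle. Run the `g_list_find_custom()` check before opening the file, or close `f` on that path before returning. The error string "find recursive keyboard layout: %s'" also carries a closing quote with no opening one; wording such as "recursive keyboard layout include: '%s'" would match the existing "could not read keymap file: '%s'" message. The check compares path strings with g_strcmp0(), so it only catches a cycle when qemu_find_file() hands back the identical string for the file; that limit is worth stating in a comment.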