Version: 3.3.0 (using KDE KDE 3.3.0) Installed from: Debian testing/unstable Packages OS: Linux The following application causes kwin to crash. #include <stdlib.h> #include <X11/Xlib.h> int main( int argc, char **argv ) { Display *d = XOpenDisplay(0); int s = DefaultScreen(d); unsigned int *data = malloc(1026 * 4); Atom net_wm_icon = XInternAtom(d, "_NET_WM_ICON", False); Atom cardinal = XInternAtom(d, "CARDINAL", False); Window w; XEvent e; w = XCreateWindow(d, RootWindow(d, s), 0, 0, 20, 20, 0, CopyFromParent, InputOutput, CopyFromParent, 0, 0); data[ 0 ] = 536870912; data[ 1 ] = 536870912; XChangeProperty(d, w, net_wm_icon, cardinal, 32, PropModeReplace, (const unsigned char*) data, 1026*4); XMapWindow(d, w); while(1) XNextEvent(d, &e); }
CVS commit by lunakl: Protect against attempts at sabotaging KWin. CCMAIL: 90944-done@bugs.kde.org M +1 -1 netwm.cpp 1.137 --- kdelibs/kdecore/netwm.cpp #1.136:1.137 @@ -495,5 +495,5 @@ fprintf(stderr, "NETWM: Warning readIcon s = sz * sizeof(long); - if ( i + s - 1 > bufsize ) { + if ( i + s - 1 > bufsize || sz == 0 || sz > 1024 * 1024 ) { break; }
Unfortunately, this bug has been reintroduced in Plasma 5. The original code submitted by Billy crashes even the latest KWin 5.3.2 again.
And fixed again in kwindowsystem 5.13. Thanks!