From bf183f21d962099c9c6202c4db4baf3a08a44ece Mon Sep 17 00:00:00 2001
From: kcgen
Date: Sat, 22 Oct 2022 12:50:37 -0700
Subject: Fix uninitialized event member access in ManyMouse (CWE-457)

In pump_events, the event struct members are used initialized in three places:

1. Line 479, the event struct is passed into queue_event() which accesses the event's minval member, but it hasn't been written to at this point.
2. Line 488, the event struct is passed into queue_event() which accesses the event's minval member, but it hasn't been written to at this point.
3. Line 505, the event struct is passed into queue_event() which accesses the event's item member, but it hasn't been written to at this point.
---
 src/libs/manymouse/x11_xinput2.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/libs/manymouse/x11_xinput2.c b/src/libs/manymouse/x11_xinput2.c
index 3593443fc..d85decef5 100644
--- a/src/libs/manymouse/x11_xinput2.c
+++ b/src/libs/manymouse/x11_xinput2.c
@@ -4,7 +4,9 @@
 * Please see the file LICENSE.txt in the source's root directory.
 *
 * This file written by Ryan C. Gordon.
- * Altered to silence compiler warnings by Roman Standzikowski.
+ * Altered to:
+ * - silence compiler warnings, by Roman Standzikowski.
+ * - fix uninitialized event member access, by kcgen.
 */

 #include "manymouse.h"
@@ -397,7 +399,14 @@ static inline int map_xi2_button(const int button)

 static void pump_events(void)
 {
- ManyMouseEvent event;
+ ManyMouseEvent event = {
+ .type = 0,
+ .device = 0,
+ .item = 0,
+ .value = 0,
+ .minval = 0,
+ .maxval = 0
+ };
 const int opcode = xi2_opcode;
 const XIRawEvent *rawev = NULL;
 const XIHierarchyEvent *hierev = NULL;
-- 
cgit v1.2.3
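Review bot: Zeroing `event` once at its declaration in pump_events only guarantees defined values for the first event queued. The rest of the body is outside this hunk, so this is inferred: if the function drains several X events per call, `item`, `minval` and `maxval` written for one event would carry over into the next `queue_event()` call. That is stale data rather than indeterminate data, but consumers still receive fields that do not belong to the event. Consider resetting the struct where each event is built, e.g. `event = (ManyMouseEvent){0};`, or assigning every member that `queue_event()` reads at each of the three call sites named in the commit message. It is also worth confirming that `0` is a meaningful `minval`/`maxval` for those event types, and adding a comment above the declaration such as `/* zeroed so queue_event() never reads indeterminate members (CWE-457) */`.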