From e75310a445f019cd4ef27a87c3da57b6891d7c69 Mon Sep 17 00:00:00 2001
From: Matthias Clasen
Date: Sun, 26 Oct 2014 21:48:59 -0400
Subject: [PATCH] Fix an out-of-bounds access in MyEnhancedXkbTranslateKeyCode

Commits 314b6abbe8d8daae and eb9223c008ccf1c2faab were ignoring the fact that the code where found is set to 1 was modifying col - which was an ok thing to do when that part of the code was still breaking out of the loop, but it is no longer doing that (since 2003 !). Fix things up by storing the final col value in a separate variable and using that after the loop. https://bugzilla.gnome.org/show_bug.cgi?id=738886
---
 gdk/x11/gdkkeys-x11.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gdk/x11/gdkkeys-x11.c b/gdk/x11/gdkkeys-x11.c
index c45a971444..a83ec150b1 100644
--- a/gdk/x11/gdkkeys-x11.c
+++ b/gdk/x11/gdkkeys-x11.c
@@ -1058,6 +1058,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
 int col,nKeyGroups;
 unsigned preserve,effectiveGroup;
 KeySym *syms;
+ int found_col = 0;
 if (mods_rtrn!=NULL) *mods_rtrn = 0;
@@ -1090,7 +1091,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
 break;
 }
 }
- col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);
+ found_col = col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);
 type = XkbKeyKeyType(xkb,key,effectiveGroup);
 preserve= 0;
@@ -1129,7 +1130,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
 }
 if (!found && ((mods&type->mods.mask) == entry->mods.mask)) {
- col+= entry->level;
+ found_col= col + entry->level;
 if (type->preserve) preserve= type->preserve[i].mask;
@@ -1143,7 +1144,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
 }
 if (keysym_rtrn!=NULL)
- *keysym_rtrn= syms[col];
+ *keysym_rtrn= syms[found_col];
 if (mods_rtrn) {
 /* ---- Begin section modified for GDK ---- */
 *mods_rtrn &= ~preserve;
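Review bot: `found_col` is declared in the `@@ -1058,6 +1058,7 @@` hunk with no comment, yet the difference between it and `col` is the whole fix, so the declaration should say what each variable holds. Something like `int found_col = 0; /* column of the matched level; col itself must stay at the group's first column */` would keep a later cleanup from merging the two variables again. The function body starts and ends outside this hunk, so the loop the commit message refers to is not visible here.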
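Review bot: The chained assignment `found_col = col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);` in the `@@ -1090,7 +1091,7 @@` hunk hides the second assignment and mixes two spacing styles in one statement. Two statements read more plainly: `col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);` followed by `found_col= col;`. Because this line assigns `found_col` unconditionally, the `= 0` initializer at the declaration looks redundant unless some path outside the hunk reads `found_col` before this line.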
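Review bot: Nothing in the `@@ -1129,7 +1130,7 @@` hunk bounds `entry->level` before `found_col= col + entry->level;`, and that value is then used unchecked as the index in `syms[found_col]` in the `@@ -1143,7 +1144,7 @@` and `@@ -1175,7 +1176,7 @@` hunks. The commit stops `col` from accumulating, but a map entry naming a level beyond the key's group width would still produce a read past the key's symbols, unless a check outside these hunks rules that out. The keymap is presumably data received from the display server, so a guard in the condition is cheap, for example `if (!found && entry->level < type->num_levels && ((mods&type->mods.mask) == entry->mods.mask))`, assuming `type->num_levels` is the right bound for this key. The enclosing loop starts before the hunk and ends after it.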
@@ -1175,7 +1176,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
 /* ---- End stuff GDK adds to the original Xlib version ---- */
- return (syms[col] != NoSymbol);
+ return (syms[found_col] != NoSymbol);
 }
 #endif /* HAVE_XKB */
--
2.30.2