cursor: fix crash with weird input files

If a cursor file contains multiple images for the same size, this
typically indicates an animation. The compositor weston uses
wl_cursor_frame_and_duration to figure out at which time a specific image
should be shown.

The total delay is the sum of all image delays. But if all images have a
delay of 0, the total delay is 0 as well. The code does not check for this
special condition and triggers a floating point exception by eventually
performing a modulo operation with 0.

This, of course, could also happen if the sum of all image delays
triggers an unsigned int overflow. But since a comment in the code
already indicates that it does not try to "fix" handling of weird files,
I would argue that it's "okay" if that happens. At least the program
won't crash.

Proof of Concept:

install -D ~/.icons/poc/cursors
base64 -d > ~/.icons/poc/cursors/left_ptr << EOF
WGN1chAAAAAAAAEAAgAAAAIA/f8BAAAAKAAAAAIA/f8BAAAAKAAAACQAAAACAP3/AQAAAAEAAAAB
AAAAAQAAAAEAAAABAAAAAAAAAAAAAAA=
EOF
cat > /tmp/weston.ini << EOF
[shell]
cursor-theme=poc
EOF
weston -c /tmp/weston.ini

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/cursor/wayland-cursor.c b/cursor/wayland-cursor.c
index 4e2dc50..7da7014 100644
--- a/cursor/wayland-cursor.c
+++ b/cursor/wayland-cursor.c
@@ -475,7 +475,7 @@ wl_cursor_frame_and_duration(struct wl_cursor *_cursor, uint32_t time,
 	uint32_t t;
 	int i;
 
-	if (cursor->cursor.image_count == 1) {
+	if (cursor->cursor.image_count == 1 || cursor->total_delay == 0) {
 		if (duration)
 			*duration = 0;
 		return 0;