[PATCH] Fix num_masks/length overflow test for XiSelectEvents

[Peter Hutterer]

On Tue, Sep 15, 2009 at 05:53:50PM -0700, Alan Coopersmith wrote:
> Have to set windowid to a valid value first, since that check
> appears earlier in the code than the masks/length check.
> 
> Also have to have data[] set large enough so that reading mask
> data for 0xFFFF masks doesn't overflow past the end of the array
> into uninitialized data.
> 
> Signed-off-by: Alan Coopersmith <alan.coopersmith at sun.com>
> ---
> 
> Improved version of earlier patch that also addresses the root cause of
> why Peter & I saw different results for this test - since we had different
> uninitialized data for the masks read past the end of the data[] array.
> 
> Also changed to leave the setting of req->win for the next test case,
> copying it instead of moving it up, to avoid failure due to the swapl()
> of the req->win value during testing.
> 
>  test/xi2/protocol-xiselectevents.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/test/xi2/protocol-xiselectevents.c b/test/xi2/protocol-xiselectevents.c
> index f314462..fe1c26d 100644
> --- a/test/xi2/protocol-xiselectevents.c
> +++ b/test/xi2/protocol-xiselectevents.c
> @@ -60,7 +60,7 @@
>  #include "protocol-common.h"
>  #include <glib.h>
>  
> -static unsigned char *data[4096 * 16]; /* the request data buffer */
> +static unsigned char *data[4096 * 20]; /* the request data buffer */
>  
>  int __wrap_XISetEventMask(DeviceIntPtr dev, WindowPtr win, int len, unsigned char* mask)
>  {
> @@ -284,6 +284,7 @@ static void test_XISelectEvents(void)
>      request_XISelectEvent(req, BadWindow);
>  
>      g_test_message("Triggering num_masks/length overflow");
> +    req->win = ROOT_WINDOW_ID;
>      /* Integer overflow - req->length can't hold that much */
>      req->num_masks = 0xFFFF;
>      request_XISelectEvent(req, BadLength);
> -- 
> 1.5.6.5

Thanks for the patches, all three merged and pushed.
 
Cheers,
  Peter