[PATCH:libXt 2/3] GetResources: protect against underflow when type conversion fails

Alan Coopersmith alan.coopersmith at oracle.com
Sat Feb 5 08:12:21 PST 2011


I think it used to be faster to count down and compare against zero on some
CPU's (probably 680x0 or so), and you do see that a bit in the ancient X code.

I can't see any other reason to do the counting this way here, so will look into
turning it around.

	-alan-

On 02/ 5/11 02:47 AM, walter harms wrote:
> 
> 
> 	    for (i = num_typed_args - typed[j]; i > 0; i--, arg++) {
> 
> IMHO this violates the rule of least surprise. the other way around is much more
> common. Since i is only a counter i do not see why we need to count down.
> (More adventures people may want to use memmove, but i did not see the rest of code)
> 
> 		    for (i=0; i < num_typed_args - typed[j]; i++) {
>  			*arg = *(arg+1);
> 		        arg++;
>   		    }
> 
> just my 2 cents,
> 
> re,
>  wh
> 
> 
> 
> Am 05.02.2011 07:29, schrieb Alan Coopersmith:
>> Fix originally created by Leo Binchy for Sun to fix Solaris bug 1211553:
>>  XtVaCreateManagedWidget with list of resources XtVaTypedArg cause core dump
>>
>> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
>> ---
>>  src/Resources.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/src/Resources.c b/src/Resources.c
>> index 304d3d5..dc0f563 100644
>> --- a/src/Resources.c
>> +++ b/src/Resources.c
>> @@ -857,7 +857,7 @@ static XtCacheRef *GetResources(
>>  		    register XtTypedArg* arg = typed_args + typed[j] - 1;
>>  		    register int i;
>>  
>> -		    for (i = num_typed_args - typed[j]; i; i--, arg++) {
>> +		    for (i = num_typed_args - typed[j]; i > 0; i--, arg++) {
>>  			*arg = *(arg+1);
>>  		    }
>>  		    num_typed_args--;


-- 
	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System



More information about the xorg-devel mailing list