[libXt:PATCH] XtAsprintf: Fix memory corruption.
Alan Coopersmith
alan.coopersmith at oracle.com
Tue Mar 8 13:14:44 PST 2011
On 03/ 8/11 07:09 AM, Cyril Brulebois wrote:
> Don't write the null terminator to a random place, this can trigger some
> segfault in XtOpenDisplay() and other annoyances.
> - new_string[len] = '\0';
> + (*new_string)[len] = '\0';
Oops! Sorry. Yes.
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
As penance I wrote a quick test that catches this failure and confirms the fix.
(See separate mail for that.) A very incomplete test case, but we have to
start somewhere, and it seems to be working for the xserver so far.
Once the fix & test are in, we'll get a libXt-1.1.1 release out with those and
the two other minor changes in git master - I'll hold back on pushing the
possibly more risky XtAppMainLoop patch until after that.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
More information about the xorg-devel
mailing list