[libXt:PATCH] XtAsprintf: Fix memory corruption.

Alan Coopersmith alan.coopersmith at oracle.com
Tue Mar 8 13:14:44 PST 2011

On 03/ 8/11 07:09 AM, Cyril Brulebois wrote:
> Don't write the null terminator to a random place, this can trigger some
> segfault in XtOpenDisplay() and other annoyances.
> -	new_string[len] = '\0';
> +	(*new_string)[len] = '\0';

Oops!  Sorry.   Yes.

Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>

As penance I wrote a quick test that catches this failure and confirms the fix.
(See separate mail for that.)   A very incomplete test case, but we have to
start somewhere, and it seems to be working for the xserver so far.

Once the fix & test are in, we'll get a libXt-1.1.1 release out with those and
the two other minor changes in git master - I'll hold back on pushing the
possibly more risky XtAppMainLoop patch until after that.

	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System

More information about the xorg-devel mailing list