[PATCH 1/1] randr: avoid rrGetScreenResources replying with uninitialized bytes.

Oliver McFadden oliver.mcfadden at nokia.com
Wed Mar 9 06:02:11 PST 2011


==9999== Syscall param writev(vector[...]) points to uninitialised byte(s)
==9999==    at 0x4AB7054: writev (writev.c:51)
==9999==    by 0x5E237: _XSERVTransWritev (Xtrans.c:912)
==9999==    by 0x6154B: FlushClient (io.c:937)
==9999==    by 0x61FFF: FlushAllOutput (io.c:681)
==9999==    by 0x26BF3: Dispatch (dispatch.c:453)
==9999==    by 0x205E7: main (main.c:291)
==9999==  Address 0x5525c70 is 632 bytes inside a block of size 4,096 alloc'd
==9999==    at 0x48334A4: calloc (vg_replace_malloc.c:467)
==9999==    by 0x61E23: WriteToClient (io.c:1078)
==9999==    by 0x21517: ProcEstablishConnection (dispatch.c:3685)
==9999==    by 0x26CEB: Dispatch (dispatch.c:432)
==9999==    by 0x205E7: main (main.c:291)
==9999==  Uninitialised value was created by a stack allocation
==9999==    at 0xCA4E0: rrGetScreenResources (rrscreen.c:313)

Signed-off-by: Oliver McFadden <oliver.mcfadden at nokia.com>
---
 randr/rrscreen.c |    9 +--------
 1 files changed, 1 insertions(+), 8 deletions(-)

diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index 1bc1a9e..d27a384 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -331,23 +331,18 @@ rrGetScreenResources(ClientPtr client, Bool query)
     
     pScreen = pWin->drawable.pScreen;
     pScrPriv = rrGetScrPriv(pScreen);
-    rep.pad = 0;
     
     if (query && pScrPriv)
 	if (!RRGetInfo (pScreen, query))
 	    return BadAlloc;
 
+    memset (&rep, 0, sizeof (xRRGetScreenResourcesReply));
     if (!pScrPriv)
     {
 	rep.type = X_Reply;
 	rep.sequenceNumber = client->sequence;
-	rep.length = 0;
 	rep.timestamp = currentTime.milliseconds;
 	rep.configTimestamp = currentTime.milliseconds;
-	rep.nCrtcs = 0;
-	rep.nOutputs = 0;
-	rep.nModes = 0;
-	rep.nbytesNames = 0;
 	extra = NULL;
 	extraLen = 0;
     }
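Review bot: The added `memset` sizes itself from the type name instead of the object, and nothing in the code says why the whole struct is cleared. `rep` is a stack object whose bytes are sent to the client (the valgrind trace in the description follows them to `writev`), so any field or pad left unset discloses server stack contents. A comment such as `/* Zero the whole reply, padding included, so no stack bytes are sent to the client. */` would stop a later cleanup from going back to per-field assignments, and `memset(&rep, 0, sizeof rep);` keeps the size tied to the variable. rrGetScreenResources starts before and continues after this hunk; the `extra` buffer for the populated branch is allocated outside the visible lines, so it is worth confirming that its padding bytes are zeroed as well.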
@@ -362,13 +357,11 @@ rrGetScreenResources(ClientPtr client, Bool query)
 	
 	rep.type = X_Reply;
 	rep.sequenceNumber = client->sequence;
-	rep.length = 0;
 	rep.timestamp = pScrPriv->lastSetTime.milliseconds;
 	rep.configTimestamp = pScrPriv->lastConfigTime.milliseconds;
 	rep.nCrtcs = pScrPriv->numCrtcs;
 	rep.nOutputs = pScrPriv->numOutputs;
 	rep.nModes = num_modes;
-	rep.nbytesNames = 0;
 
 	for (i = 0; i < num_modes; i++)
 	    rep.nbytesNames += modes[i]->mode.nameLength;
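Review bot: With `rep.nbytesNames = 0` removed, the `rep.nbytesNames += modes[i]->mode.nameLength` loop at the end of this hunk is correct only because of the `memset` added in the previous hunk, which sits well above this branch. That coupling is easy to break if the `memset` is moved or this branch is factored out. Either keep the explicit `rep.nbytesNames = 0;` before the loop or add `/* rep was zeroed above; nbytesNames accumulates from 0 */` next to it. The same dependency applies to `rep.length`, which is presumably assigned after the hunk ends.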
-- 
1.7.1.245.g7c42e


