[libXt:PATCH] XtAsprintf: Fix memory corruption.

Alan Coopersmith alan.coopersmith at oracle.com
Wed Mar 9 15:53:42 PST 2011

On 03/ 8/11 01:14 PM, Alan Coopersmith wrote:
> On 03/ 8/11 07:09 AM, Cyril Brulebois wrote:
>> Don't write the null terminator to a random place, this can trigger some
>> segfault in XtOpenDisplay() and other annoyances.
>> -	new_string[len] = '\0';
>> +	(*new_string)[len] = '\0';
> Oops!  Sorry.   Yes.
> Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> As penance I wrote a quick test that catches this failure and confirms the fix.
> (See separate mail for that.)   A very incomplete test case, but we have to
> start somewhere, and it seems to be working for the xserver so far.
> Once the fix & test are in, we'll get a libXt-1.1.1 release out with those and
> the two other minor changes in git master - I'll hold back on pushing the
> possibly more risky XtAppMainLoop patch until after that.

I've gone ahead and pushed your fix for now, since it's right, while the test
case needs more work as discussed in various other messages.

	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System

More information about the xorg-devel mailing list