[PATCH xserver] xkb: Initialize pad bytes sent in replies of geometry requests.
Rami Ylimäki
rami.ylimaki at vincit.fi
Wed Mar 16 01:35:22 PDT 2011
On 03/16/2011 02:43 AM, Peter Hutterer wrote:
>
>> - memcpy(&wire[2],str,len);
>> - wire+= ((2+len+3)/4)*4;
>> + paddedLen= pad_to_int32(sizeof(len)+len)-sizeof(len);
>> + strncpy(&wire[sizeof(len)],str,paddedLen);
>> + wire+= sizeof(len)+paddedLen;
> looking at this again, does this really fix the issue?
Yes, I have verified it with Valgrind.
> assuming a string of strlen 11, paddedLen is 14.
> strncpy will copy 12 bytes (strlen + \0), so you write 14 bytes in total but
> advance wire by 16 bytes. the last 2 are uninitialized.
Not true, strncpy with n=14 copies always exactly 14 bytes. If n exceeds
the size of source string, destination string is padded with null
characters. Note that strncpy was used instead of strcpy.
-- Rami
More information about the xorg-devel
mailing list