[PATCH xserver 3/3] record: Preserve client input buffer for RecordEnableContext request.

Rami Ylimäki rami.ylimaki at vincit.fi
Mon Oct 3 05:16:27 PDT 2011


This request installs hooks that keep sending replies even after the
request handler has finished. Each reply accesses the input buffer. If
we let the buffer to be shared, we will eventually read garbage or
even from freed memory.

Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
Reviewed-by: Erkki Seppälä <erkki.seppala at vincit.fi>
---
 record/record.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/record/record.c b/record/record.c
index 5cae2b9..f0bfed7 100644
--- a/record/record.c
+++ b/record/record.c
@@ -44,6 +44,7 @@ and Jim Haggerty of Metheus.
 #include "inputstr.h"
 #include "eventconvert.h"
 #include "scrnintstr.h"
+#include "os.h"
 
 
 #include <stdio.h>
@@ -2423,6 +2424,12 @@ ProcRecordEnableContext(ClientPtr client)
     /* send StartOfData */
     RecordAProtocolElement(pContext, NULL, XRecordStartOfData, NULL, 0, 0, 0);
     RecordFlushReplyBuffer(pContext, NULL, 0, NULL, 0);
+
+    /* We need to still access the client input buffer as we keep
+     * sending replies to this request even after the request has
+     * been technically completed. */
+    ReserveClientInput(client);
+
     return Success;
 } /* ProcRecordEnableContext */
 
-- 
1.7.1



More information about the xorg-devel mailing list