[PATCH v2 28/29] ephyrGLXQueryServerString: Stop making an unused copy of server_string
Alan Coopersmith
alan.coopersmith at oracle.com
Wed Jul 4 15:37:42 PDT 2012
ephyrGLXQueryServerString() carefully allocated a buffer padded to the
word-aligned string length for sending to the client, copied the string
to it, and then forgot to use it, potentially reading a few bytes of
garbage past the end of the server_string buffer.
Since WriteToClient already handles the necessary padding, just send
it the actual length of the original server_string, and don't bother
making a padded copy.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
hw/kdrive/ephyr/ephyrglxext.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/hw/kdrive/ephyr/ephyrglxext.c b/hw/kdrive/ephyr/ephyrglxext.c
index dae22fc..ce66fe0 100644
--- a/hw/kdrive/ephyr/ephyrglxext.c
+++ b/hw/kdrive/ephyr/ephyrglxext.c
@@ -357,7 +357,7 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
ClientPtr client = a_cl->client;
xGLXQueryServerStringReq *req = (xGLXQueryServerStringReq *) a_pc;
xGLXQueryServerStringReply reply;
- char *server_string = NULL, *buf = NULL;
+ char *server_string = NULL;
int length = 0;
EPHYR_LOG("enter\n");
@@ -377,13 +377,6 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
.n = length
};
- buf = calloc(reply.length << 2, 1);
- if (!buf) {
- EPHYR_LOG_ERROR("failed to allocate string\n;");
- return BadAlloc;
- }
- memcpy(buf, server_string, length);
-
WriteToClient(client, sz_xGLXQueryServerStringReply, &reply);
WriteToClient(client, (int) (reply.length << 2), server_string);
--
1.7.9.2
More information about the xorg-devel
mailing list