[PATCH] Xext/xres.c: Possible buffer underrun
Rami Ylimäki
rami.ylimaki at vincit.fi
Mon Jul 23 07:37:27 PDT 2012
On 07/23/2012 03:05 PM, Colin Harrison wrote:
> Hi,
>
> I got a crash at free(counts) in ProcXResQueryClientResources() in
> Xext/xres.c when using client xrestop.
>
> Traced to an out-by-one error in ResFindAllRes() (please check code and
> confirm?).
>
> Fixed, for me (MinGW compilation for Windows), with the patch...
>
> --- ./Xext/save_xres.c 2012-07-10 11:16:44.191904782 +0100
> +++ ./Xext/xres.c 2012-07-16 16:19:50.078292944 +0100
> @@ -274,7 +274,7 @@
> {
> int *counts = (int *) cdata;
>
> - counts[(type & TypeMask) - 1]++;
> + counts[(type & TypeMask)]++;
This would probably send wrong resource counts back to clients. It's
better to just skip any resources with RT_NONE as the resource type.
It'd be also nice to know whether it's acceptable to have RT_NONE
resources in the resource database. StoreFontClientFont seems to add
such resources, but I'm not too familiar with that code.
> }
>
> static int
>
> Thanks,
> Colin Harrison
>
Regards,
Rami Ylimäki
More information about the xorg-devel
mailing list