[PATCH 19/19] ephyrGLXQueryServerString: Stop making an unused copy of server_string
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Jun 24 10:25:26 PDT 2012
ephyrGLXQueryServerString() carefully allocated a buffer padded to the
word-aligned string length for sending to the client, copied the string
to it, and then forgot to use it, potentially reading a few bytes of
garbage past the end of the server_string buffer.
Since WriteToClient already handles the necessary padding, just send
it the actual length of the original server_string, and don't bother
making a padded copy.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
hw/kdrive/ephyr/ephyrglxext.c | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/hw/kdrive/ephyr/ephyrglxext.c b/hw/kdrive/ephyr/ephyrglxext.c
index 3eae571..714b81b 100644
--- a/hw/kdrive/ephyr/ephyrglxext.c
+++ b/hw/kdrive/ephyr/ephyrglxext.c
@@ -372,22 +372,11 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
.length = __GLX_PAD(length) >> 2,
.n = length
};
- char *buf;
EPHYR_LOG("string: %s\n", server_string);
- buf = calloc(reply.length << 2, 1);
- if (!buf) {
- EPHYR_LOG_ERROR("failed to allocate string\n;");
- return BadAlloc;
- }
- memcpy(buf, server_string, length);
-
WriteToClient(client, sz_xGLXQueryServerStringReply, &reply);
- WriteToClient(client, (int) (reply.length << 2), server_string);
-
- free(buf);
- buf = NULL;
+ WriteToClient(client, length, server_string);
res = Success;
}
--
1.7.9.2
More information about the xorg-devel
mailing list