[PATCH 19/19] ephyrGLXQueryServerString: Stop making an unused copy of server_string
walter harms
wharms at bfs.de
Sun Jun 24 14:05:13 PDT 2012
i took a look (read: not compile tested)
and it look good to me.
re,
wh
Am 24.06.2012 19:25, schrieb Alan Coopersmith:
> ephyrGLXQueryServerString() carefully allocated a buffer padded to the
> word-aligned string length for sending to the client, copied the string
> to it, and then forgot to use it, potentially reading a few bytes of
> garbage past the end of the server_string buffer.
>
> Since WriteToClient already handles the necessary padding, just send
> it the actual length of the original server_string, and don't bother
> making a padded copy.
>
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
> hw/kdrive/ephyr/ephyrglxext.c | 13 +------------
> 1 file changed, 1 insertion(+), 12 deletions(-)
>
> diff --git a/hw/kdrive/ephyr/ephyrglxext.c b/hw/kdrive/ephyr/ephyrglxext.c
> index 3eae571..714b81b 100644
> --- a/hw/kdrive/ephyr/ephyrglxext.c
> +++ b/hw/kdrive/ephyr/ephyrglxext.c
> @@ -372,22 +372,11 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
> .length = __GLX_PAD(length) >> 2,
> .n = length
> };
> - char *buf;
>
> EPHYR_LOG("string: %s\n", server_string);
>
> - buf = calloc(reply.length << 2, 1);
> - if (!buf) {
> - EPHYR_LOG_ERROR("failed to allocate string\n;");
> - return BadAlloc;
> - }
> - memcpy(buf, server_string, length);
> -
> WriteToClient(client, sz_xGLXQueryServerStringReply, &reply);
> - WriteToClient(client, (int) (reply.length << 2), server_string);
> -
> - free(buf);
> - buf = NULL;
> + WriteToClient(client, length, server_string);
>
> res = Success;
> }
More information about the xorg-devel
mailing list