[PATCH 19/19] ephyrGLXQueryServerString: Stop making an unused copy of server_string

walter harms wharms at bfs.de
Sun Jun 24 14:05:13 PDT 2012


i took a look (read: not compile tested)
and it look good to me.

re,
 wh

Am 24.06.2012 19:25, schrieb Alan Coopersmith:
> ephyrGLXQueryServerString() carefully allocated a buffer padded to the
> word-aligned string length for sending to the client, copied the string
> to it, and then forgot to use it, potentially reading a few bytes of
> garbage past the end of the server_string buffer.
> 
> Since WriteToClient already handles the necessary padding, just send
> it the actual length of the original server_string, and don't bother
> making a padded copy.
> 
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
>  hw/kdrive/ephyr/ephyrglxext.c |   13 +------------
>  1 file changed, 1 insertion(+), 12 deletions(-)
> 
> diff --git a/hw/kdrive/ephyr/ephyrglxext.c b/hw/kdrive/ephyr/ephyrglxext.c
> index 3eae571..714b81b 100644
> --- a/hw/kdrive/ephyr/ephyrglxext.c
> +++ b/hw/kdrive/ephyr/ephyrglxext.c
> @@ -372,22 +372,11 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
>              .length = __GLX_PAD(length) >> 2,
>              .n = length
>          };
> -        char *buf;
>  
>          EPHYR_LOG("string: %s\n", server_string);
>  
> -        buf = calloc(reply.length << 2, 1);
> -        if (!buf) {
> -            EPHYR_LOG_ERROR("failed to allocate string\n;");
> -            return BadAlloc;
> -        }
> -        memcpy(buf, server_string, length);
> -
>          WriteToClient(client, sz_xGLXQueryServerStringReply, &reply);
> -        WriteToClient(client, (int) (reply.length << 2), server_string);
> -
> -        free(buf);
> -        buf = NULL;
> +        WriteToClient(client, length, server_string);
>  
>          res = Success;
>      }


More information about the xorg-devel mailing list