[PATCH libX11] MakeBigReq: don't move the last word, already handled by Data32
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Mar 8 17:43:23 PST 2013
On 02/17/13 05:25 PM, Peter Hutterer wrote:
> From: Karl Tomlinson <xmail at karlt.net>
>
> MakeBigReq inserts a length field after the first 4 bytes of the request
> (after req->length), pushing everything else back by 4 bytes.
>
> The current memmove moves everything but the first 4 bytes back.
> If a request aligns to the end of the buffer pointer when MakeBigReq is
> invoked for that request, this runs over the buffer.
> Instead, we need to memmove minus the first 4 bytes (which aren't moved),
> minus the last 4 bytes (so we still align to the previous tail).
>
> The 4 bytes that fell out are already handled with Data32, which will handle
> the buffermax correctly.
>
> The case where req->length = 1 was already not functional.
>
> Reported by Abhishek Arya <inferno at chromium.org>.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=803762
>
> Reviewed-by: Jeff Muizelaar <jmuizelaar at mozilla.com>
> Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Fixed the patch to still apply after my WORD64 removal deleted one of the
clauses you were updating and pushed to git master.
Thanks for the fix.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
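
An added illustration of the overrun described in the quoted commit message; it is not libX11 code and not part of the original thread. The names `insert_big_len`, `overruns`, `fixed_layout_ok`, the word-sized header and the canary word are assumptions of this simplified model, and the sample request is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_WORDS 4          /* constructed request: 1 header word + 3 payload words */
#define CANARY 0xDEADBEEFu   /* stands in for whatever lies past the buffer end */

/* Hypothetical model, not the libX11 macro. buf holds REQ_WORDS request words
 * followed by one canary word, so the request ends exactly at the buffer end.
 * fixed == 0: shift everything but the first word (the old memmove size).
 * fixed != 0: also leave out the last word; it is handed back in *spill for a
 *             bounds-aware append (Data32 in the commit message).
 * Returns 1 if the shift overwrote the canary, 0 otherwise. */
static int insert_big_len(uint32_t *buf, uint32_t big_len, int fixed, uint32_t *spill)
{
    uint32_t moved = fixed ? REQ_WORDS - 2 : REQ_WORDS - 1;  /* words shifted */

    *spill = buf[REQ_WORDS - 1];       /* save the last word before shifting */
    memmove((char *)buf + 8, (char *)buf + 4, (size_t)moved * 4);
    buf[1] = big_len;                  /* new length field after the first 4 bytes */
    return buf[REQ_WORDS] != CANARY;
}

/* Runs the model on a constructed request and reports whether it overran. */
static int overruns(int fixed)
{
    uint32_t buf[REQ_WORDS + 1] = { 0x11, 0xA, 0xB, 0xC, CANARY };
    uint32_t spill;
    return insert_big_len(buf, 5, fixed, &spill);
}

/* With the fixed size: header, new length, shifted payload, last word spilled. */
static int fixed_layout_ok(void)
{
    uint32_t buf[REQ_WORDS + 1] = { 0x11, 0xA, 0xB, 0xC, CANARY };
    uint32_t spill;
    insert_big_len(buf, 5, 1, &spill);
    return buf[0] == 0x11 && buf[1] == 5 && buf[2] == 0xA && buf[3] == 0xB
        && buf[4] == CANARY && spill == 0xC;
}

int main(void)
{
    printf("old size overruns: %d\n", overruns(0));
    printf("fixed size overruns: %d, layout ok: %d\n", overruns(1), fixed_layout_ok());
    return 0;
}
```

In the model, the old size writes one word past the request when the request ends at the buffer end, while the reduced size stays inside it and leaves the last word to the separate append.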