X protocol specs & X.Org Security Advisory: Protocol handling issues in X Window System client libraries

Alan Coopersmith alan.coopersmith at oracle.com
Fri May 24 20:24:25 PDT 2013


Answering some questions about these issues today, I wrote:

     [...] when reviewing these, a lot of them were non obvious unless you had
     the source in one window, the protocol headers in another and the protocol
     spec in a third. This was tedious work to cross-reference and confirm or
     refute each report [...]

which reminded me that huge thanks are also due to Matt & Gaetan and everyone
else who helped getting our documentation modernized.

As tedious as this work was, it was far better than if we had to page through
paper manuals or the old postscript dumps from the old nroff specs - having
html specs online with links to jump directly to the right call encoding or
description made it much faster to see which values could be large enough to
cause overflows, or what values we should be checking to limit the values to.

So once again, thanks for making our specs more usable!

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc


More information about the xorg-devel mailing list