XGetDeviceControl inconsistency

Dave Airlie airlied at gmail.com
Sun May 26 16:54:10 PDT 2013


So reviewing the libXi security fix made me double take, there was a
few lines like

            if (sizeof(xDeviceAbsCalibState) > nbytes)
                goto out;
            size += sizeof(XDeviceAbsCalibState);

Now either size is always 0 going into this, in which case why += or
the check before is wrong.

Looking at the code size seems to be always 0, so why the +=, was
there a possibility of this looping at some point?

Don't think there's a bug it was just something that made me have to
check twice.

Dave.


More information about the xorg-devel mailing list