XGetDeviceControl inconsistency

Alan Coopersmith alan.coopersmith at oracle.com
Mon May 27 09:53:17 PDT 2013

On 05/26/13 04:54 PM, Dave Airlie wrote:
> So reviewing the libXi security fix made me double take, there were a
> few lines like
>              if (sizeof(xDeviceAbsCalibState) > nbytes)
>                  goto out;
>              size += sizeof(XDeviceAbsCalibState);
> Now either size is always 0 going into this, in which case why += or
> the check before is wrong.
> Looking at the code size seems to be always 0, so why the +=, was
> there a possibility of this looping at some point?
> Don't think there's a bug, it was just something that made me have to
> check twice.

That was a quirk of the existing code that confused me as well at first,
but I left it alone instead of changing all the += to just =.

I wondered if it was just copied from XGetFCtl.c, which does loop, to
XGetDCtl.c, which does not. Unfortunately, the use of += without a
loop goes back to the initial X11R6.6 git import, so it's hard to say.

	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
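
Added example, not part of the original message and not libXi code: a C sketch of the distinction raised in the thread, showing that a length check followed by `+=` is equivalent to `=` when run once, but needs to track the bytes consumed once the same lines run in a loop. The record types and function names are hypothetical; a return value of 0 stands for "reject the reply".

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record types, not libXi's: an 8-byte wire form that the
 * client expands into a larger host-side struct. */
typedef struct { uint16_t control, length; uint32_t value; } wire_state;
typedef struct { unsigned long control, length; long value; } host_state;

/* Single-record shape, as in the quoted lines: size starts at 0 and is
 * touched once, so "+=" and "=" give the same result. */
size_t size_single(size_t nbytes)
{
    size_t size = 0;
    if (sizeof(wire_state) > nbytes)
        return 0;                       /* reply too short: reject */
    size += sizeof(host_state);
    return size;
}

/* Looping shape with the check copied unchanged: every iteration compares
 * against the whole reply, so a count larger than the reply holds passes. */
size_t size_loop_stale_check(size_t nbytes, unsigned count)
{
    size_t size = 0;
    for (unsigned i = 0; i < count; i++) {
        if (sizeof(wire_state) > nbytes)
            return 0;
        size += sizeof(host_state);
    }
    return size;
}

/* Looping shape with the check tracking what is left of the reply. */
size_t size_loop_checked(size_t nbytes, unsigned count)
{
    size_t size = 0, remaining = nbytes;
    for (unsigned i = 0; i < count; i++) {
        if (sizeof(wire_state) > remaining)
            return 0;                   /* count exceeds the data present */
        if (size > SIZE_MAX - sizeof(host_state))
            return 0;                   /* accumulated size would wrap */
        remaining -= sizeof(wire_state);
        size += sizeof(host_state);
    }
    return size;
}
```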
