alan.coopersmith at oracle.com
Mon May 27 09:53:17 PDT 2013
On 05/26/13 04:54 PM, Dave Airlie wrote:
> So reviewing the libXi security fix made me double take, there were a
> few lines like
>     if (sizeof(xDeviceAbsCalibState) > nbytes)
>         goto out;
>     size += sizeof(XDeviceAbsCalibState);
> Now either size is always 0 going into this, in which case why +=, or
> the check before is wrong.
> Looking at the code, size seems to be always 0, so why the +=, was
> there a possibility of this looping at some point?
> Don't think there's a bug, it was just something that made me have to
> check twice.
That was a quirk of the existing code that confused me as well at first,
but I left it alone instead of changing all the += to just =.
I wondered if it was just copied from XGetFCtl.c, which does loop, to
XGetDCtl.c, which does not. Unfortunately, the use of += without a
loop goes back to the initial X11R6.6 git import, so it's hard to say.
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
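
Added example, not code from libXi or from either poster: it shows why the quoted check is complete only while `size` starts at 0, and what a looping variant has to track instead. The struct layouts and function names are hypothetical stand-ins for a wire-format record and its client-side form.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical wire and host layouts (not the libXi structs). */
typedef struct { uint16_t control; uint16_t length; int32_t value; } wire_state;
typedef struct { unsigned long control; long length; long value; } host_state;

/* Non-looping shape, as in the quoted lines: one record, so comparing the
 * record size with the whole reply length is a complete check. Returns the
 * host bytes to allocate, or 0 if the reply is too short. */
size_t host_size_single(size_t nbytes)
{
    size_t size = 0;
    if (sizeof(wire_state) > nbytes)
        return 0;
    size += sizeof(host_state);   /* size was 0, so += behaves as = */
    return size;
}

/* Looping shape done naively: the same check repeated per record. It ignores
 * bytes already consumed, so it accepts counts the reply cannot hold. */
size_t host_size_loop_naive(size_t nbytes, unsigned count)
{
    size_t size = 0;
    for (unsigned i = 0; i < count; i++) {
        if (sizeof(wire_state) > nbytes)
            return 0;
        size += sizeof(host_state);
    }
    return size;
}

/* Looping shape with the check tied to the bytes that are left. */
size_t host_size_loop_checked(size_t nbytes, unsigned count)
{
    size_t size = 0, remaining = nbytes;
    for (unsigned i = 0; i < count; i++) {
        if (sizeof(wire_state) > remaining)
            return 0;             /* reply too short for this record */
        remaining -= sizeof(wire_state);
        size += sizeof(host_state);
    }
    return size;
}
```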