[PATCH libXfont] Fix buffer read overrun

Alan Coopersmith alan.coopersmith at oracle.com
Fri Apr 18 12:55:58 PDT 2014


On 04/18/14 11:43 AM, Keith Packard wrote:
> Alan Coopersmith <alan.coopersmith at oracle.com> writes:
>
>> glamor/glamor_xv.c:#define MAKE_ATOM(a) MakeAtom(a, sizeof(a) - 1, TRUE)
>> hw/kdrive/src/kinput.c:#define AtomFromName(x) MakeAtom(x, strlen(x), 1)
>> xkb/ddxBeep.c:#define   MAKE_ATOM(a)    MakeAtom(a,sizeof(a)-1,TRUE)
>> xkb/xkbDflts.h:#define GET_ATOM(d,s)    MakeAtom(s,strlen(s),1)
>> xkb/xkbInit.c:#define   CREATE_ATOM(s)  MakeAtom(s,sizeof(s)-1,1)
>
> Those 'sizeof' ones are scary.

They work, as long as you only ever pass a literal string to them, not a
pointer.

> Maybe MakeAtom could take '0' as "use strlen"?

Seems like a reasonable simplification in the server - hard to use from other
modules (libXfont, drivers, etc.) until you're sure you'll only ever be used
with a server recognizing that.

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
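
The literal-versus-pointer distinction discussed above, as an added C example that is not part of the original message or of the X server source. `fake_make_atom`, the `ATOM_*` macro names and the `"FONT"` sample string are hypothetical; the stand-in only records the length it is handed, so nothing is actually read out of bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for MakeAtom(): records the length it was told to
 * read instead of reading it, so the bad case below touches no memory. */
static size_t last_len;
static int fake_make_atom(const char *s, size_t len, int create)
{
    (void)s; (void)create;
    last_len = len;
    return 1;
}

/* The two length idioms from the quoted grep output. */
#define ATOM_SIZEOF(a) fake_make_atom(a, sizeof(a) - 1, 1)
#define ATOM_STRLEN(a) fake_make_atom(a, strlen(a), 1)
/* Added guard: "" a "" only compiles when a is a string literal, so
 * passing a pointer becomes a build error instead of a wrong length. */
#define ATOM_LITERAL(a) fake_make_atom("" a "", sizeof("" a "") - 1, 1)

size_t len_sizeof_literal(void) { ATOM_SIZEOF("FONT"); return last_len; }
size_t len_literal_guard(void)  { ATOM_LITERAL("FONT"); return last_len; }

size_t len_sizeof_pointer(void)
{
    const char *name = "FONT";   /* constructed sample: 4 chars + NUL */
    ATOM_SIZEOF(name);           /* sizeof(char *) - 1, unrelated to 4 */
    return last_len;
}

size_t len_strlen_pointer(void)
{
    const char *name = "FONT";
    ATOM_STRLEN(name);
    return last_len;
}

int main(void)
{
    printf("sizeof, literal: %zu\n", len_sizeof_literal());
    printf("sizeof, pointer: %zu (buffer holds %zu bytes)\n",
           len_sizeof_pointer(), sizeof("FONT"));
    printf("strlen, pointer: %zu\n", len_strlen_pointer());
    printf("literal guard:   %zu\n", len_literal_guard());
    return 0;
}
```

Writing `ATOM_LITERAL(name)` with a pointer variable does not compile, which is the property the guard is meant to provide.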

