[PATCH 1/3] randr: Fix crash for NULL swap dispatch procs
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Apr 20 12:02:12 PDT 2014
On 04/20/14 11:54 AM, walter harms wrote:
>
>
> On 19.04.2014 03:29, Robert Morell wrote:
>> The previous code was checking the wrong table for function pointers.
>>
>> Signed-off-by: Robert Morell <rmorell at nvidia.com>
>> ---
>> randr/randr.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/randr/randr.c b/randr/randr.c
>> index 3c97714d8e1d..6e3f14b4e704 100644
>> --- a/randr/randr.c
>> +++ b/randr/randr.c
>> @@ -679,7 +679,7 @@ static int
>> SProcRRDispatch(ClientPtr client)
>> {
>> REQUEST(xReq);
>> - if (stuff->data >= RRNumberRequests || !ProcRandrVector[stuff->data])
>> + if (stuff->data >= RRNumberRequests || !SProcRandrVector[stuff->data])
>> return BadRequest;
>> return (*SProcRandrVector[stuff->data]) (client);
>> }
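Review bot: the commit message should name the condition that crashes, not only say "the wrong table". In SProcRRDispatch the old test looked at ProcRandrVector[stuff->data] while the call on the next line goes through SProcRandrVector[stuff->data], so the failure needs a request number below RRNumberRequests whose slot is set in the first table and NULL in the second. Stating that in the message would make the bug reproducible from the log alone. The new check itself now tests the same pointer that is called, after the bounds check, which is the right order.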
>
> Hi,
> did you try that? I am not sure about !SProcRandrVector[stuff->data]. Can it really happen
> that certain elements of that array do not exist?
Absolutely - that's the current case if you look in
http://cgit.freedesktop.org/xorg/xserver/tree/randr/rrsdispatch.c?id=9838b7032ea9792bec21af424c53c07078636d21#n436
The array is declared as having RRNumberRequests (42) entries, but
only the first 31 have values provided, so the remaining 11 are
automatically initialized to NULL by the compiler.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
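
The partially initialized table described in the reply above, as an added example that is not part of the original mail or the X server source. The table names, handler functions and the size of 6 are constructed for illustration; only the shape of the check follows the patch.

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_REQUESTS 6   /* constructed size; the table in the mail has 42 */
#define BAD_REQUEST  1
#define SUCCESS      0

typedef int (*handler_fn)(unsigned opcode);

static int handle_native(unsigned opcode)  { (void)opcode; return SUCCESS; }
static int handle_swapped(unsigned opcode) { (void)opcode; return SUCCESS; }

/* Native table (hypothetical): every slot has an initializer. */
static handler_fn native_vec[NUM_REQUESTS] = {
    handle_native, handle_native, handle_native,
    handle_native, handle_native, handle_native,
};

/* Byte-swapped table (hypothetical): only 4 of 6 slots have initializers,
 * so C initializes the remaining 2 to null pointers. */
static handler_fn swapped_vec[NUM_REQUESTS] = {
    handle_swapped, handle_swapped, handle_swapped, handle_swapped,
};

/* Number of NULL slots in a dispatch table. */
static size_t count_null(const handler_fn *vec, size_t n)
{
    size_t nulls = 0;
    for (size_t i = 0; i < n; i++)
        nulls += (vec[i] == NULL);
    return nulls;
}

/* Post-patch shape: bounds check first, then NULL check on the same
 * table that is about to be called. */
static int dispatch_swapped(unsigned opcode)
{
    if (opcode >= NUM_REQUESTS || !swapped_vec[opcode])
        return BAD_REQUEST;
    return swapped_vec[opcode](opcode);
}

/* Pre-patch shape of the test only (no call is made): it inspects
 * native_vec, so it returns 1 for slots where swapped_vec is NULL. */
static int old_check_passes(unsigned opcode)
{
    return !(opcode >= NUM_REQUESTS || !native_vec[opcode]);
}

int main(void)
{
    printf("NULL slots in swapped_vec: %zu\n", count_null(swapped_vec, NUM_REQUESTS));
    return 0;
}
```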