[PATCH xserver] glx: Erase glx client private before using

Keith Packard keithp at keithp.com
Thu Aug 3 15:50:25 UTC 2017


Adam Jackson <ajax at nwnk.net> writes:

>
> I beg your pardon?
>
>     if (!dixRegisterPrivateKey
>         (&glxClientPrivateKeyRec, PRIVATE_CLIENT, sizeof(__GLXclientState)))
>         return;
>
> Client privates aren't pre-zeroed? I was pretty sure they were.

Nope:

...
    clients[i] = client =
        dixAllocateObjectWithPrivates(ClientRec, PRIVATE_CLIENT);
...
#define dixAllocateObjectWithPrivates(t, type) (t *) _dixAllocateObjectWithPrivates(sizeof(t), sizeof(t), offsetof(t, devPrivates), type)
...
void *
_dixAllocateObjectWithPrivates(unsigned baseSize, unsigned clear,
                               unsigned offset, DevPrivateType type)
...
    object = malloc(totalSize);
    if (!object)
        return NULL;

    memset(object, '\0', clear);

I could easily be convinced that this is a bug and that
_dixAllocateObjectWithPrivates should clear the entire object and
privates out, as I was also surprised to see this.

The only "weird" user of this stuff is colormaps, which allocates the
colormap storage with the base object, to which privates are appended; I
don't think that's relevant.

-- 
-keith
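The allocation path quoted above is easy to misread, so here is an added example that models it in C. This is not code from the thread or from the xserver tree: `model_alloc` mirrors only the shape of `_dixAllocateObjectWithPrivates` (allocate base + privates, `memset` just `clear` bytes, point the `devPrivates` slot at the appended storage), with the privates area given a fixed hypothetical size `MODEL_PRIVATES_SIZE` and the returned block deliberately filled with 0xAA first to stand in for a recycled heap chunk. The names `ModelClientRec`, `demo_*` and `privates_are_zeroed` are all my own.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for the size the server computes from registered private
 * keys; the real value is not a constant. */
#define MODEL_PRIVATES_SIZE 64

/* Minimal stand-in for ClientRec: a payload field plus the devPrivates slot
 * whose offset the dixAllocateObjectWithPrivates macro passes as `offset`. */
typedef struct {
    int index;
    void *devPrivates;
} ModelClientRec;

/* Shape of _dixAllocateObjectWithPrivates: one malloc of base + privates,
 * then memset of only `clear` bytes. `poison` fills the block with 0xAA first
 * so the demo is deterministic instead of depending on what malloc returns. */
static void *model_alloc(size_t baseSize, size_t clear, size_t offset, int poison)
{
    size_t totalSize = baseSize + MODEL_PRIVATES_SIZE;
    unsigned char *object = malloc(totalSize);
    if (!object)
        return NULL;
    if (poison)
        memset(object, 0xAA, totalSize);      /* simulated stale heap contents */
    memset(object, '\0', clear);              /* only `clear` bytes are zeroed */
    *(void **)(object + offset) = object + baseSize;  /* privates follow the base */
    return object;
}

/* 1 if every byte of the appended privates area is zero, else 0. */
static int privates_are_zeroed(const ModelClientRec *client)
{
    const unsigned char *p = client->devPrivates;
    for (size_t i = 0; i < MODEL_PRIVATES_SIZE; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* What the macro does today: clear == sizeof(t), so the base struct is zeroed
 * but the privates behind it keep whatever the allocator handed back. */
static int demo_current_behaviour(void)
{
    ModelClientRec *c = model_alloc(sizeof *c, sizeof *c,
                                    offsetof(ModelClientRec, devPrivates), 1);
    if (!c)
        return -1;
    int zeroed = privates_are_zeroed(c);
    free(c);
    return zeroed;                            /* 0: stale bytes in privates */
}

/* The allocator-side fix floated in the reply: clear the whole allocation. */
static int demo_clear_whole_object(void)
{
    ModelClientRec *c = model_alloc(sizeof *c, sizeof *c + MODEL_PRIVATES_SIZE,
                                    offsetof(ModelClientRec, devPrivates), 1);
    if (!c)
        return -1;
    int zeroed = privates_are_zeroed(c);
    free(c);
    return zeroed;                            /* 1: privates are all zero */
}

/* The per-user fix the patch subject describes: a module that owns a private
 * erases it itself before relying on any field in it. */
static int demo_user_clears_own_private(void)
{
    ModelClientRec *c = model_alloc(sizeof *c, sizeof *c,
                                    offsetof(ModelClientRec, devPrivates), 1);
    if (!c)
        return -1;
    memset(c->devPrivates, 0, MODEL_PRIVATES_SIZE);   /* "erase before using" */
    int zeroed = privates_are_zeroed(c);
    free(c);
    return zeroed;                            /* 1 */
}

int main(void)
{
    /* Non-zero exit if the unfixed path ever looks clean or a fix fails. */
    return (demo_current_behaviour() == 0 &&
            demo_clear_whole_object() == 1 &&
            demo_user_clears_own_private() == 1) ? 0 : 1;
}
```

The point for anyone reading a private as state: a field that "looks" NULL or zero on a fresh client is only as reliable as the allocator's `clear` argument, and with `clear == sizeof(t)` that guarantee stops at the end of the base struct. Either the allocator zeroes `totalSize` or every private owner erases its own block before the first use; relying on neither means stale pointers from a previous client can be dereferenced as if they were valid.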