[PATCH xserver] glx: Erase glx client private before using
Peter Harris
pharris at opentext.com
Thu Aug 3 16:12:08 UTC 2017
On 2017-08-03 11:50 AM, Keith Packard wrote:
> Adam Jackson <ajax at nwnk.net> writes:
>
>>
>> I beg your pardon?
>>
>>     if (!dixRegisterPrivateKey
>>         (&glxClientPrivateKeyRec, PRIVATE_CLIENT, sizeof(__GLXclientState)))
>>         return;
>>
>> Client privates aren't pre-zeroed? I was pretty sure they were.
>
> Nope:
>
> ...
>     clients[i] = client =
>         dixAllocateObjectWithPrivates(ClientRec, PRIVATE_CLIENT);
> ...
> #define dixAllocateObjectWithPrivates(t, type) \
>     (t *) _dixAllocateObjectWithPrivates(sizeof(t), sizeof(t), offsetof(t, devPrivates), type)
> ...
> void *
> _dixAllocateObjectWithPrivates(unsigned baseSize, unsigned clear,
>                                unsigned offset, DevPrivateType type)
> ...
>     object = malloc(totalSize);
>     if (!object)
>         return NULL;
>
>     memset(object, '\0', clear);
...
    privates = (PrivatePtr) (((char *) object) + baseSize);
    devPrivates = (PrivatePtr *) ((char *) object + offset);
    _dixInitPrivates(devPrivates, privates, type);

which in turn calls

    memset(addr, '\0', global_keys[type].offset);

(where addr is "privates").
> I could easily be convinced that this is a bug and that
> _dixAllocateObjectWithPrivates should clear the entire object and
> privates out, as I was also surprised to see this.
I could easily be convinced that client structures are re-used; I
haven't checked that path.
Peter Harris
--
Open Text Connectivity Solutions Group
Peter Harris http://connectivity.opentext.com/
Research and Development Phone: +1 905 762 6001
pharris at opentext.com Toll Free: 1 877 359 4866
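The allocation layout being traced in this thread (base object followed by a privates area, with one memset covering `clear` bytes of the base and a second, in the init step, covering `global_keys[type].offset` bytes of the privates) is easy to get wrong in either direction. The following constructed C model, added here and not xserver code, fills a fresh allocation with a stale byte pattern to stand in for dirty heap memory, then applies the two clearing steps separately so that a skipped or short step shows up as non-zero data. The `ToyClientRec`, `PRIVATES_BYTES` and `STALE_BYTE` names are assumptions; `reused_privates_are_clean` models the object re-use hypothesis raised in the reply, where the base object is reset but the privates init is not re-run.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the layout under discussion; not xserver code.
 *   [ ToyClientRec (baseSize) ][ privates area (PRIVATES_BYTES) ]
 * devPrivates inside the base object points at the privates area. */
typedef struct {
    int id;
    void *devPrivates;
} ToyClientRec;

#define PRIVATES_BYTES 64   /* stand-in for global_keys[type].offset */
#define STALE_BYTE 0xAA     /* simulated leftover heap contents */

static bool region_is_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            return false;
    return true;
}

/* Mirrors the two clearing steps: memset(object, 0, clear) on the base,
 * then (optionally) the privates-area memset done by the init step. */
static unsigned char *toy_alloc(size_t clear_bytes, bool init_privates)
{
    size_t base = sizeof(ToyClientRec);
    size_t total = base + PRIVATES_BYTES;
    unsigned char *object = malloc(total);
    if (!object)
        return NULL;
    memset(object, STALE_BYTE, total);          /* pretend malloc returned dirty memory */
    memset(object, '\0', clear_bytes);          /* step 1: clear `clear` bytes of the base */
    unsigned char *privates = object + base;
    ((ToyClientRec *)object)->devPrivates = privates;
    if (init_privates)
        memset(privates, '\0', PRIVATES_BYTES); /* step 2: what the privates init does */
    return object;
}

/* true iff both the base object's fields and the privates area are zero
 * right after allocation (the devPrivates pointer itself is set on purpose). */
bool fresh_allocation_is_clean(size_t clear_bytes, bool init_privates)
{
    unsigned char *object = toy_alloc(clear_bytes, init_privates);
    if (!object)
        return false;
    ToyClientRec *c = (ToyClientRec *)object;
    bool base_ok = (c->id == 0);
    bool priv_ok = region_is_zero((const unsigned char *)c->devPrivates, PRIVATES_BYTES);
    free(object);
    return base_ok && priv_ok;
}

/* Re-use scenario: the object is used (a private gets written), then handed out
 * again with only the base object reset. Unless the privates init is re-run,
 * the previous occupant's private data survives into the new user. */
bool reused_privates_are_clean(bool reinit_privates)
{
    unsigned char *object = toy_alloc(sizeof(ToyClientRec), true);
    if (!object)
        return false;
    ToyClientRec *c = (ToyClientRec *)object;
    unsigned char *priv = c->devPrivates;
    memset(priv, 0x55, PRIVATES_BYTES);   /* first use leaves state behind */

    memset(object, '\0', sizeof(ToyClientRec));  /* re-use: base object only */
    c->devPrivates = priv;                       /* restore the pointer the reset wiped */
    if (reinit_privates)
        memset(priv, '\0', PRIVATES_BYTES);      /* the step a re-use path must not skip */

    bool clean = region_is_zero(priv, PRIVATES_BYTES);
    free(object);
    return clean;
}
```

With `clear_bytes == sizeof(ToyClientRec)` and the init step run, a fresh allocation comes out fully zeroed; dropping either step leaves the corresponding region holding the stale pattern, and on re-use only re-running the privates init clears the old contents.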