[PATCH v4 xserver] test: Add a test for the overflow bug in bigreqs.
Peter Hutterer
peter.hutterer at who-t.net
Wed Nov 1 00:33:16 UTC 2017
On Mon, Oct 30, 2017 at 03:36:43PM -0700, Eric Anholt wrote:
> Peter Hutterer <peter.hutterer at who-t.net> writes:
>
> > From: Eric Anholt <eric at anholt.net>
> >
> > The failing struct comes from the python test written by Michal Srb
> > <msrb at suse.com>.
> >
> > v2: Use a drawable (root window) and gc, so that PolyLines hopefully
> > actually tries processing things. However, the request seems to
> > process successfully so the poll() just stalls out. However, this
> > does let us distinguish between detecting the bigrequests error
> > and not, at least.
> > v3: Clean up the description of what we expect the poll() call to do.
> > v4: change to use XISelectEvents
> >
> > Signed-off-by: Eric Anholt <eric at anholt.net>
> > Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
> > ---
> > Couldn't get v3 to crash here, even after changing to PolyRectangle. But I
> > found an easy to trigger test in XI2 - we know the server replies with
> > BadValue for a zero num_masks argument. So if we send a bigreq with a
> > num_masks 0 and a length 0, we can just check whether we get killed (good)
> > or a BadValue (bad). It doesn't test for specific memory overflows or
> > crashes, but based on the assumption that we shouldn't look at *any* BigReq
> > of size 0, this seems to be sufficient.
>
> Your changes look good to me. Want to push?
done!
d5379b350..14af8bee2 master -> master
Cheers,
Peter
More information about the xorg-devel
mailing list