[PATCH v4 xserver] test: Add a test for the overflow bug in bigreqs.

Peter Hutterer peter.hutterer at who-t.net
Wed Nov 1 00:33:16 UTC 2017


On Mon, Oct 30, 2017 at 03:36:43PM -0700, Eric Anholt wrote:
> Peter Hutterer <peter.hutterer at who-t.net> writes:
> 
> > From: Eric Anholt <eric at anholt.net>
> >
> > The failing struct comes from the python test written by Michal Srb
> > <msrb at suse.com>.
> >
> > v2: Use a drawable (root window) and gc, so that PolyLines hopefully
> >     actually tries processing things.  However, the request seems to
> >     process successfully so the poll() just stalls out.  However, this
> >     does let us distinguish between detecting the bigrequests error
> >     and not, at least.
> > v3: Clean up the description of what we expect the poll() call to do.
> > v4: change to use XISelectEvents
> >
> > Signed-off-by: Eric Anholt <eric at anholt.net>
> > Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
> > ---
> > Couldn't get v3 to crash here, even after changing to PolyRectangle. But I
> > found an easy to trigger test in XI2 - we know the server replies with
> > BadValue for a zero num_masks argument. So if we send a bigreq with a
> > num_masks 0 and a length 0, we can just check whether we get killed (good)
> > or a BadValue (bad). It doesn't test for specific memory overflows or
> > crashes, but based on the assumption that we shouldn't look at *any* BigReq
> > of size 0, this seems to be sufficient.
> 
> Your changes look good to me.  Want to push?

done!

   d5379b350..14af8bee2  master -> master

Cheers,
   Peter


More information about the xorg-devel mailing list