[PATCH v4 xserver] test: Add a test for the overflow bug in bigreqs.

Eric Anholt eric at anholt.net
Mon Oct 30 22:36:43 UTC 2017


Peter Hutterer <peter.hutterer at who-t.net> writes:

> From: Eric Anholt <eric at anholt.net>
>
> The failing struct comes from the python test written by Michal Srb
> <msrb at suse.com>.
>
> v2: Use a drawable (root window) and gc, so that PolyLines hopefully
>     actually tries processing things.  However, the request seems to
>     process successfully so the poll() just stalls out.  However, this
>     does let us distinguish between detecting the bigrequests error
>     and not, at least.
> v3: Clean up the description of what we expect the poll() call to do.
> v4: change to use XISelectEvents
>
> Signed-off-by: Eric Anholt <eric at anholt.net>
> Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
> ---
> Couldn't get v3 to crash here, even after changing to PolyRectangle. But I
> found an easy to trigger test in XI2 - we know the server replies with
> BadValue for a zero num_masks argument. So if we send a bigreq with a
> num_masks 0 and a length 0, we can just check whether we get killed (good)
> or a BadValue (bad). It doesn't test for specific memory overflows or
> crashes, but based on the assumption that we shouldn't look at *any* BigReq
> of size 0, this seems to be sufficient.

Your changes look good to me.  Want to push?
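
The rule the quoted note relies on ("we shouldn't look at *any* BigReq of size 0"), as an added example that is not code from this patch or from the X server: a request-length decoder that rejects a too-short extended length before anything else reads the request. The function, enum and sample names are hypothetical, and the example assumes a little-endian client and a caller-supplied maximum length.

```c
#include <stddef.h>
#include <stdint.h>

/* Outcome names are hypothetical, chosen for this example. */
enum req_status { REQ_OK, REQ_INCOMPLETE, REQ_FATAL };

static uint32_t rd16le(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32le(const uint8_t *p) { return rd16le(p) | rd16le(p + 2) << 16; }

/*
 * Decode the length, in 4-byte units, of the request starting at buf.
 * Core header: opcode(1) data(1) length(2). With BIG-REQUESTS enabled, a
 * 16-bit length of 0 means a 32-bit length follows, and that length counts
 * the extra word, so any extended length below 2 cannot describe a request.
 * Assumption of this sketch: little-endian client, and a zero core length
 * without BIG-REQUESTS is also treated as fatal.
 */
enum req_status decode_request_length(const uint8_t *buf, size_t avail,
                                      int bigreq_enabled, uint32_t max_units,
                                      uint32_t *units, size_t *hdr_bytes)
{
    uint32_t len;
    size_t hdr = 4;

    if (avail < 4)
        return REQ_INCOMPLETE;      /* header not fully read yet */
    len = rd16le(buf + 2);
    if (len == 0) {
        if (!bigreq_enabled)
            return REQ_FATAL;
        if (avail < 8)
            return REQ_INCOMPLETE;  /* extended length word not read yet */
        len = rd32le(buf + 4);
        hdr = 8;
        if (len < 2)                /* covers the zero-length BigReq */
            return REQ_FATAL;
    }
    if (len > max_units)
        return REQ_FATAL;
    *units = len;
    *hdr_bytes = hdr;
    return REQ_OK;
}

/* Constructed samples; the first two bytes are placeholders, not real opcodes. */
static const uint8_t zero_bigreq[8] = { 0x80, 0x01, 0, 0, 0, 0, 0, 0 };
static const uint8_t good_bigreq[8] = { 0x80, 0x01, 0, 0, 3, 0, 0, 0 };
static const uint8_t core_req[4]    = { 0x80, 0x01, 2, 0 };
```

`REQ_FATAL` corresponds to the "get killed (good)" outcome in the note: the connection is dropped instead of the request being dispatched and answered with an error.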

More information about the xorg-devel mailing list