[PATCH] os: Make sure big requests have sufficient length.
Eric Anholt
eric at anholt.net
Sun Sep 24 07:20:07 UTC 2017
Michal Srb <msrb at suse.com> writes:
> Here is a script that can be used to crash X server using a broken big request
> for PolyLine. It connects to DISPLAY=:1 and doesn't support authentication.
> Look inside the script for more details.
>
> Other requests could be used to crash X server in similar way, for example
> SetFontPath.
I noticed this still in my mailbox. I tried writing an mergeable unit
test for it at:
https://github.com/anholt/xserver/commit/d0e9d732750aa8eb7eeb33adce321f1dfeef265d
but it doesn't manage to crash the server because I can't set the endian
mode using xcb (and xcb, sensibly, doesn't let me get an fd without
doing connection setup on it).
I don't know much about the codepath with the bug, but hopefully this
sparks some discussion.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20170924/f1df3f02/attachment.sig>
More information about the xorg-devel
mailing list