AW: AW: Preparing for libX11 1.7.0

Walter Harms wharms at bfs.de
Thu Nov 19 16:32:41 UTC 2020


I would ask to wait before releasing a new version.
Actually I had no time to check that, maybe they are all fixed now.
NTL we should investigate and fix.

btw: gcc has some warnings for xts also

Vittorio Zecca reported that xts5 finds some more issues.
SUMMARY: AddressSanitizer: heap-use-after-free /home/vitti/rpmbuil/SOURCES/libX11-1.6.12/src/DrPoint.c:47 in XDrawPoint
SUMMARY: AddressSanitizer: heap-use-after-free /home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/SetClMask.c:40 in XSetClipMask
SUMMARY: AddressSanitizer: heap-use-after-free /home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/CrGC.c:339 in XFlushGC
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vitti/libasan.so+0x39dd2) in __interceptor_memcpy
SUMMARY: AddressSanitizer: double-free (/home/vitti/libasan.so+0xab0c7) in __interceptor_free
SUMMARY: AddressSanitizer: heap-use-after-free /home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/DrLine.c:50 in XDrawLine
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vitti/libasan.so+0x589c2) in __interceptor_strncpy
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vitti/libasan.so+0x39dd2) in __interceptor_memcpy
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vitti/libasan.so+0x39dd2) in __interceptor_memcpy
SUMMARY: AddressSanitizer: heap-use-after-free /home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/DrLine.c:50 in XDrawLine

SUMMARY: AddressSanitizer: heap-use-after-free /home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/QuExt.c:43 in XQueryExtension

________________________________________
From: Keith Packard <keithp at keithp.com>
Sent: Tuesday, 17 November 2020 03:11
To: Alan Coopersmith; Walter Harms; Matthieu Herrb; xorg-devel at lists.freedesktop.org
Cc: Vittorio Zecca
Subject: Re: AW: Preparing for libX11 1.7.0

Alan Coopersmith <alan.coopersmith at oracle.com> writes:

> https://lists.x.org/archives/xorg/2020-November/060510.html

I've reviewed this message and believe that this issue has already been
fixed on Xlib master -- Jacek Caban provided a set of fixes over three
years ago which have been merged along with some small additional work I
did as well:

        https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/56

This series gives up on ever freeing locale information due to Xlib API
design issues, so it's likely to avoid accessing something after it has
been freed.

--
-keith
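
The AddressSanitizer SUMMARY lines quoted at the top of this message take two shapes: a symbolized libX11 frame (`file:line in function`) and an unsymbolized interceptor frame (`(module+offset) in __interceptor_...`), which names only the libc wrapper and not the calling code. The following triage script is an added example, not part of the thread or of libX11; its sample lines are constructed and its function names are hypothetical.

```python
import os
import re
from collections import Counter

# Constructed sample lines in the two shapes seen in the report above;
# paths and offsets are placeholders, not values taken from the report.
SAMPLE = """\
SUMMARY: AddressSanitizer: heap-use-after-free /build/libX11/src/DrLine.c:50 in XDrawLine
SUMMARY: AddressSanitizer: heap-buffer-overflow (/opt/libasan.so+0x1000) in __interceptor_memcpy
SUMMARY: AddressSanitizer: heap-use-after-free /build/libX11/src/DrLine.c:50 in XDrawLine
SUMMARY: AddressSanitizer: double-free (/opt/libasan.so+0x2000) in __interceptor_free
SUMMARY: AddressSanitizer: heap-buffer-overflow (/opt/libasan.so+0x1000) in __interceptor_memcpy
not a summary line
"""

SUMMARY_RE = re.compile(
    r"^SUMMARY: AddressSanitizer: (?P<kind>[\w-]+) "
    r"(?:(?P<file>[^\s()]+?):(?P<line>\d+)(?::\d+)?"          # file:line[:col]
    r"|\((?P<module>[^()+]+)\+(?P<offset>0x[0-9a-fA-F]+)\))"  # (module+0xoff)
    r" in (?P<func>\S+)$"
)

def parse_summary(line):
    """Return (kind, func, site, located) or None if not a SUMMARY line."""
    m = SUMMARY_RE.match(line.strip())
    if not m:
        return None
    # A top frame inside an ASan interceptor or an unsymbolized module does
    # not identify the caller; the full stack trace is needed for that.
    located = m["file"] is not None and not m["func"].startswith("__interceptor_")
    if m["file"]:
        site = f"{os.path.basename(m['file'])}:{m['line']}"
    else:
        site = f"{os.path.basename(m['module'])}+{m['offset']}"
    return (m["kind"], m["func"], site, located)

def triage(text):
    """Count distinct findings, collapsing repeats from different test cases."""
    return Counter(filter(None, map(parse_summary, text.splitlines())))

def needs_full_trace(counts):
    """Findings whose summary frame does not point at the faulty call site."""
    return sorted({(kind, func) for (kind, func, _site, ok) in counts if not ok})

if __name__ == "__main__":
    for (kind, func, site, ok), n in sorted(triage(SAMPLE).items()):
        print(f"{n:3d}  {kind:22s} {func:24s} {site:20s} "
              f"{'located' if ok else 'needs full trace'}")
```
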

