Leak in XKeysymToString
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Aug 21 17:48:11 UTC 2022
On 8/20/22 11:47, Thomas Dickey wrote:
> On Sat, Aug 20, 2022 at 09:51:42AM -0700, Alan Coopersmith wrote:
>> Thanks - while gitlab is our preferred method, when that's not possible,
>> we prefer using the xorg-devel mailing list (cc'ed) instead of trying to
>> guess which individual developer to contact.
>>
>> This bug has been previously reported, but no one has developed a good
>> fix yet - I don't know if many XKeysymToString callers keep references to
>> the returned pointers and would be broken if those pointers suddenly had a
>> different string or were invalid due to a realloc() call.
>
> The manpage hints that callers should make a copy of the string,
> since that "static area" implies that the library overwrites the
> data for each call:
>
> The returned string is in a static area and must not be modified. The
> returned string is in the Host Portable Character Encoding. If the
> specified KeySym is not defined, XKeysymToString returns a NULL.
Okay, but we also document that Xlib is thread safe if XInitThreads() has
been called, so both the patch suggested here to keep a static pointer to
a malloc'ed buffer and my suggestion of a global static buffer fail since
calls in different threads would have a race condition over whose answer
got returned. We'd at least need a thread-specific buffer, which it
doesn't look like we've done in Xlib so far.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
More information about the xorg-devel
mailing list