Xlib contract for XEvent up/down-casting

Po Lu luangruo at yahoo.com
Sun Dec 4 09:11:06 UTC 2022


Jeremy Huddleston Sequoia <jeremyhu at apple.com> writes:

> I've been running XQuartz with ASan+UBSan to try to catch some issues
> some users have reported, and I stumbled across something below GLUT
> (specifically, freeglut 2.8.1), which does:
>
>     XConfigureEvent fakeEvent = {0};
>     ...
>     XPutBackEvent(fgDisplay.Display, (XEvent*)&fakeEvent);
>
> and XPutBackEvent eventually does:
>
>     XEvent store = *event;
>
> which overflows the stack on read because:
>
>     sizeof(XConfigureEvent) == 88
>     sizeof(XEvent) == 192
>
> So the problem is clear, but I'm not sure which side needs to change.
>
> What is the contract for Xlib's APIs that take XEvent *?  Is Xlib
> expected to handle any XEvent "subtype", or does it need to be exactly
> an XEvent (i.e., is it the client's responsibility to pad it)?

It needs to be an XEvent, since the event ends up back on the event
queue.  The client is supposed to pad it.
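The over-read Jeremy describes and the fix implied by the answer (build the event inside a full XEvent so the copy in XPutBackEvent stays in bounds), as an added C example that is not part of this thread. It uses a hand-made miniature of the XEvent union so it compiles without Xlib headers; the member names, sizes and constants are stand-ins, not Xlib's.

```c
/* Added example: a miniature of Xlib's XEvent union, defined here so the
 * file builds without X11 headers. Member layout and sizes are stand-ins;
 * the real XEvent is a much larger union ending in a long pad[24]. */
#include <stddef.h>
#include <string.h>

typedef struct { int type; unsigned long serial; int x, y, width, height; } ConfigureEvent;
typedef struct { int type; unsigned long serial; unsigned int keycode; } KeyEvent;

typedef union {
    int type;                 /* first field of every member, like XEvent */
    ConfigureEvent xconfigure;
    KeyEvent xkey;
    long pad[24];             /* forces the union to its full size */
} Event;

enum { CONFIGURE_NOTIFY = 22 }; /* same value as X11's ConfigureNotify */

static Event queued;

/* Models XPutBackEvent: it copies the whole union, not just the member
 * selected by ev->type. Passing a bare ConfigureEvent cast to Event*
 * (the freeglut pattern quoted above) makes this copy read past the
 * caller's struct; ASan reports it as a stack-buffer-overflow read. */
void put_back_event(const Event *ev)
{
    queued = *ev;
}

/* How many bytes such a copy would read beyond a bare ConfigureEvent. */
size_t over_read_bytes(void)
{
    return sizeof(Event) - sizeof(ConfigureEvent);
}

/* Correct pattern: declare the full union, zero it, fill one member. */
Event make_configure_event(int x, int y, int width, int height)
{
    Event ev;
    memset(&ev, 0, sizeof ev);          /* pads the unused tail */
    ev.xconfigure.type = CONFIGURE_NOTIFY;
    ev.xconfigure.x = x;
    ev.xconfigure.y = y;
    ev.xconfigure.width = width;
    ev.xconfigure.height = height;
    return ev;                          /* sizeof(Event) bytes, all valid */
}

int queued_width(void) { return queued.xconfigure.width; }
int queued_type(void)  { return queued.type; }
```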

