Fix for CVE-2007-1667 causes XCreateImage-1 testcase failure?
Geoff Clare
gwc at opengroup.org
Wed May 9 03:42:10 PDT 2007
Alan Coopersmith <alan.coopersmith at Sun.COM> wrote, on 07 May 2007:
>
> Since applying the fix for CVE-2007-1667 to our Xlib, which validates the
> bytes_per_line is large enough (which wasn't done before) our QA is now
> reporting that the XCreateImage-1 testcase fails. (They're running VSW5,
> but XTS5 appears to be the same, with the bytes_per_line hardcoded to 11:
> http://cvsweb.freedesktop.org/xtest/xts5/tset/Xlib17/crtimg/crtimg.m?revision=1.2&view=markup
> )
>
> Is this a bug in the test suite?
Yes.
> Any reason the test suite shouldn't set
> bytes_per_line to 0 to allow the library to calculate the correct value?
The tests need to cover the use of XCreateImage() with zero and
non-zero bytes_per_line values. The zero case is specifically
tested in test 3, so the non-zero case needs to be covered by test 1.
I believe the attached patch should cure the problem. It calculates
a valid bytes_per_line value for each visual. I have also moved the
cleanup lines to prevent the SIGSEGV if XCreateImage() returns NULL.
I will wait a couple of days for any feedback before committing the
change to CVS.
--
Geoff Clare <g.clare at opengroup.org>
The Open Group, Thames Tower, Station Road, Reading, RG1 1LX, England
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crtimg.m.patch
Type: text/x-diff
Size: 2150 bytes
Desc: not available
Url : http://lists.x.org/archives/xorg-test/attachments/20070509/31703577/attachment.patch
More information about the xorg-test
mailing list