[Xcb] [Bug 99946] New: xcb_send_event() reads beyond end of argument / is hard to use correctly

Fri Feb 24 17:42:22 UTC 2017

https://bugs.freedesktop.org/show_bug.cgi?id=99946

            Bug ID: 99946
           Summary: xcb_send_event() reads beyond end of argument / is
                    hard to use correctly
           Product: XCB
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Library
          Assignee: xcb at lists.freedesktop.org
          Reporter: psychon at znc.in
        QA Contact: xcb at lists.freedesktop.org

https://bugreports.qt.io/browse/QTBUG-56518 is about valgrind warnings that
occur in Qt. The code in question does basically:

    xcb_unmap_notify_event_t event;
    set all fields of event;
    xcb_send_event(c, false, root, mask, &event);

The problem here is that sizeof(event) is 16 while xcb_send_event() expects 32
bytes of event data. So the argument needs to be "something bigger". This is
quite unintuitive and it seems like everyone using xcb_send_event() is getting
this wrong. (I would claim that I know may way around XCB and I did not know
this!)

Can there be a version of xcb_send_event() which gets a length argument? Are
there any other ideas on how this could be made safer or more obvious?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/xcb/attachments/20170224/49055604/attachment.html>