XCreatePixmap returns BadAlloc for a 8300 wide image in latest git

Barry Scott barry.scott at onelan.co.uk
Tue Jun 19 07:51:24 PDT 2007


Barry Scott wrote:
> Alan Coopersmith wrote:
>> Barry Scott wrote:
>>> The limit on pixmap size used to be 32767 (32768?) but our code is getting
>>> a BadAlloc of a pixmap that is 8300 wide.
>>>
>>> Why has the limit been changed and why can't it be set back to its
>>> original limit?
>>
>> This may be a bug in the pixmap overflow security fixes from 2005 - I know
>> one of our engineers working on the cfb version of the fixes found that they
>> over-limited by a factor of 4 because they checked the PaddedByte size
>> instead of the pixel width, so limited 32-bit pixmaps to a width of
>> 8191 instead of 32767.
>
> 2005? This change happened between Xorg 7.2 and latest git. Has this security fix
> been made recently?

I see the fix from 2005. I guess that with newer config I'm using cfb instead of
one of the other createPixmap implementations that don't have the bug.

I take it that this patch is required to fix the API:

diff --git a/cfb/cfbpixmap.c b/cfb/cfbpixmap.c
index 6fdf3ea..2651615 100644
--- a/cfb/cfbpixmap.c
+++ b/cfb/cfbpixmap.c
@@ -77,7 +77,7 @@ cfbCreatePixmap (pScreen, width, height,

     paddedWidth = PixmapBytePad(width, depth);

-    if (paddedWidth / 4 > 32767 || height > 32767)
+    if (width > 32767 || height > 32767)
        return NullPixmap;
     datasize = height * paddedWidth;
     pPixmap = AllocatePixmap(pScreen, datasize);
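
Review bot: the unchanged `datasize = height * paddedWidth;` line just below the relaxed check now has to cope with a much larger product, and nothing in the hunk bounds it. With `width > 32767` as the only width test, paddedWidth at 32-bit depth can reach about 131068 bytes, so height * paddedWidth can reach roughly 32767 * 131068, about 4.29e9, which exceeds a signed 32-bit int and sits just under the unsigned 32-bit limit. The declarations of datasize and paddedWidth are not visible here, so please confirm they are unsigned and wide enough for that product, or add an explicit guard on the multiplication (for example, reject when paddedWidth exceeds the allowed maximum size divided by height) before the AllocatePixmap call. It is also worth confirming from the declarations that width and height cannot be negative, since `width > 32767` alone would let a negative value through.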

Can someone apply this to git?

Barry



