[Xcb-commit] libxcb: src

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Sun Jul 23 10:51:25 UTC 2023


 src/c_client.py |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 038636786ad1914f3daf3503ae9611f40dffbb8f
Author: Ilya Pominov <ipominov at astralinux.ru>
Date:   Sun Apr 2 11:35:16 2023 +0300

    c_client: Fix crash in xcb_randr_set_monitor
    
    Take into account c_need_sizeof when evaluating
    xcb_protocol_request_t.count
    
    Incorrect xcb_protocol_request_t.count causes a segmentation fault when
    calling functions:
    - xcb_randr_set_monitor{_checked}
    - xcb_input_change_feedback_control{_checked}
    - xcb_input_change_device_control{_unchecked}
    
    Steps to reproduce:
    Call xcb_randr_set_monitor() with valid arguments
    
    OBSERVED RESULT
    Segmentation fault
    ```
    Process terminating with default action of signal 11 (SIGSEGV)
      Access not within mapped region at address 0x780
        at 0x4852925: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
        by 0x486967C: memcpy (string_fortified.h:29)
        by 0x486967C: send_request (xcb_out.c:59)
        by 0x486967C: send_request (xcb_out.c:46)
        by 0x486967C: xcb_send_request_with_fds64 (xcb_out.c:338)
        by 0x48699FC: xcb_send_request (xcb_out.c:359)
        by 0x4891F11: xcb_randr_set_monitor_checked (randr.c:5350)
    ```
    
    EXPECTED RESULT
    Function returns cookie
    
    Amend: 77b594f9583ea0247ff27130316d8e045da7f921
    
    Signed-off-by: Ilya Pominov <ipominov at astralinux.ru>

diff --git a/src/c_client.py b/src/c_client.py
index 0213d01..182b5de 100644
--- a/src/c_client.py
+++ b/src/c_client.py
@@ -2340,7 +2340,7 @@ def _c_request_helper(self, name, void, regular, aux=False, reply_fds=False):
         for field in param_fields:
             if not field.type.fixed_size() and field.wire:
                 count = count + 2
-                if field.type.c_need_serialize:
+                if field.type.c_need_serialize or field.type.c_need_sizeof:
                     # _serialize() keeps track of padding automatically
                     count -= 1
     dimension = count + 2
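
Review bot: The comment under the changed condition ("_serialize() keeps track of padding automatically") now describes only half of the branch, since `count -= 1` also runs for fields with `c_need_sizeof`. Please extend it to say why a sizeof-only field needs no separate padding slot. This value feeds `dimension = count + 2` and, per the commit message, `xcb_protocol_request_t.count`, so a mismatch leads to an out-of-bounds read in send_request. The commit message lists three affected request families; a build-time or test-suite check that calls at least `xcb_randr_set_monitor` would keep this predicate from drifting out of sync again.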

