[Xcb] PATCH: XCBGenerateID segfaults if called with NULL

Travis Spencer tspencer at cs.pdx.edu
Mon Jul 18 12:03:36 EST 2005

I think I read on the Wiki somewhere or in the mailing list archive
that XCB is built in a way that it puts the responsibility of
validating input on the calling application.  If the application
doesn't want to segfault, then make sure it never calls XCBGenerateID,
for example, with a NULL XCBConnection pointer.  Am I remembering

If I'm not, then XCBGenerateID will indeed segfault when given a NULL
pointer.  The attached patch prevents this, and adds a comment about
why a similar test isn't needed before using the return value of

I'm not sure what XCBGenerateID is supposed to return on error; the
XCB API document on the Wiki didn't say, and I could tell from the
code.  So, I returned -1.

Also, the whitespace in this file seems a little bit odd.  It's a mix of
tabs and spaces.  What is the standard exactly?  Please say 1 hard tab
of width 4 -- though I know you won't :(



Travis Spencer

Index: xcb_xid.c
RCS file: /cvs/xcb/xcb/src/xcb_xid.c,v
retrieving revision 1.5
diff -u -p -w -r1.5 xcb_xid.c
--- xcb_xid.c	7 Nov 2004 04:59:32 -0000	1.5
+++ xcb_xid.c	18 Jul 2005 01:51:12 -0000
@@ -36,10 +36,21 @@
 CARD32 XCBGenerateID(XCBConnection *c)
     CARD32 ret;
+    if (! c)
+        return -1;
     if(c->xid.last == c->xid.max)
 	    XCBXCMiscGetXIDRangeRep *range;
+	    /*
+	        After assigning the result of XCBXCMiscGetXIDRangeRep to
+	        range, the pointer will never be NULL because the
+	        function's return value is a pointer to static data.  So,
+	        dereferencing it is always safe.
+	    */
 	    range = XCBXCMiscGetXIDRangeReply(c, XCBXCMiscGetXIDRange(c), 0);
 	    c->xid.last = range->start_id;
 	    c->xid.max = range->start_id + (range->count - 1) * c->xid.inc;
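
Review bot: `return -1;` in the new NULL check returns from a function declared as `CARD32 XCBGenerateID(XCBConnection *c)`, so if CARD32 is the usual unsigned 32-bit type the caller receives 0xFFFFFFFF, and nothing in this hunk documents that as an error value. Define a named error constant, or document the sentinel in a comment on the function, so that callers can test for it instead of passing it on as an XID. The added comment names `XCBXCMiscGetXIDRangeRep`, which is the type of `range`; the function actually called is `XCBXCMiscGetXIDRangeReply`. Its claim that the reply can never be NULL cannot be checked from these lines, and `range->start_id` is dereferenced immediately after the call, so either point to where that guarantee comes from or add a check there as well. Style: `if (! c)` does not match the spacing of the existing `if(c->xid.last == c->xid.max)`.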
