[Xcb] PATCH: XCBGenerateID segfaults if called with NULL
Travis Spencer
tspencer at cs.pdx.edu
Mon Jul 18 12:03:36 EST 2005
I think I read on the Wiki somewhere or in the mailing list archive
that XCB is built in a way that it puts the responsibility of
validating input on the calling application. If the application
doesn't want to segfault, then make sure it never calls XCBGenerateID,
for example, with a NULL XCBConnection pointer. Am I remembering
right?
If I'm not, then XCBGenerateID will indeed segfault when given a NULL
pointer. The attached patch prevents this, and adds a comment about
why a similar test isn't needed before using the return value of
XCBXCMiscGetXIDRangeReply.
I'm not sure what XCBGenerateID is supposed to return on error; the
XCB API document on the Wiki didn't say, and I could tell from the
code. So, I returned -1.
Also, the whitespace in this file seems a little bit odd. It's a mix of
tabs and spaces. What is the standard exactly? Please say 1 hard tab
of width 4 -- though I know you won't :(
--
Regards,
Travis Spencer
Index: xcb_xid.c
===================================================================
RCS file: /cvs/xcb/xcb/src/xcb_xid.c,v
retrieving revision 1.5
diff -u -p -w -r1.5 xcb_xid.c
--- xcb_xid.c 7 Nov 2004 04:59:32 -0000 1.5
+++ xcb_xid.c 18 Jul 2005 01:51:12 -0000
@@ -36,10 +36,21 @@
CARD32 XCBGenerateID(XCBConnection *c)
{
CARD32 ret;
+
+ if (! c)
+ return -1;
+
pthread_mutex_lock(&c->xid.lock);
if(c->xid.last == c->xid.max)
{
XCBXCMiscGetXIDRangeRep *range;
+
+ /*
+ After assigning the result of XCBXCMiscGetXIDRangeRep to
+ range, the pointer will never be NULL because the
+ function's return value is a pointer to static data. So,
+ dereferencing it is always safe.
+ */
range = XCBXCMiscGetXIDRangeReply(c, XCBXCMiscGetXIDRange(c), 0);
c->xid.last = range->start_id;
c->xid.max = range->start_id + (range->count - 1) * c->xid.inc;
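Review bot: The new comment's claim that `range` can never be NULL because the reply is "a pointer to static data" does not hold for an XCB reply function: reply functions return a freshly allocated reply that the caller owns (and should free), and they return NULL when the request fails or the connection has been shut down, so `range->start_id` on the following line is exactly the kind of unchecked dereference this patch sets out to remove from the top of the function. Either drop the comment and add `if(!range)` handling that unlocks `c->xid.lock` before returning the error value, or document where the static-data guarantee actually comes from. Two smaller points: `CARD32` is unsigned, so `return -1;` hands the caller `0xFFFFFFFF`, which is indistinguishable from an ordinary XID unless the sentinel is documented in the header alongside the function; and `if (! c)` should match the surrounding `if(c->xid.last == c->xid.max)` style (`if(!c)`).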