[Xcb] [Bug 29412] [regression] unexpected libX11 IOError
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Thu Aug 5 11:24:09 PDT 2010
https://bugs.freedesktop.org/show_bug.cgi?id=29412
--- Comment #4 from Matthieu Herrb <matthieu.herrb at laas.fr> 2010-08-05 11:24:08 PDT ---
I strongly believe that this is the use-after-free problem I reported here:
http://lists.x.org/archives/xorg-devel/2010-July/011225.html
> After updating to libX11 1.3.4, I started seeing window managers or
> toolbar programs exit without reasons when closing windows or pop-ups.
> After a bit of debugging, I figured out that this is caused by
> a use after free bug in _XReply. Most people running Linux won't see it
> because the data in the just free()'d memory is still there. But
> Using OpenBSD's malloc which fills free()'d memory with a specific
> pattern, you get a different code path.
> The proplem arises in xcb_io.c:582. the 'current' pointer can have
> been free()'d already (by dequeue_pending_request() called at line 562)
> when getting there.
> A simple test program to reproduce the issue is appended below: just
> call XGetWindowProperty on a non-existent window.
> Using his favourite malloc debugger one should be able to see the problem
> on Linux too...
> Unfortunatly I'm not sure of what the fix is...
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Xcb
mailing list