[Xcb] [PUSHED] [PATCH libxcb 1/1] Fix handling of align-pads in end-iterators

Christian Linhart chris at DemoRecorder.com
Tue Jan 5 17:26:37 PST 2016 

Hi,

I have pushed this bugfix-patch.
It has got more than enough time for review, so review by crickets applies.

Cheers,

Chris



On 2015-11-10 12:53, Christian Linhart wrote:
> If a list is preceded by an align-pad, then
> accessor for the end-iterator returned a wrong
> value.
>
> Reason: the length of the align-iterator was added
> to a pointer of list-member type. Therefore, the length
> was multiplied by the size of the list-member type,
> due to C pointer arithmetic rules.
>
> This has looked like the following, e.g., in
> xcb_randr_get_crtc_transform_pending_params_end:
>
> i.data = ((xcb_render_fixed_t *) prev.data) + ((-prev.index) & (4 - 1)) + (R->pending_nparams);
>
> This bug was introduced with the following commit:
> http://cgit.freedesktop.org/xcb/libxcb/commit/?id=4033d39d4da21842bb1396a419dfc299591c3b1f
>
> The fix handles this by casting to char* before adding the align,
> and then casting the result to the member type.
>
> Signed-off-by: Christian Linhart <chris at demorecorder.com>
> ---
>  src/c_client.py | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/c_client.py b/src/c_client.py
> index c38b434..5d01289 100644
> --- a/src/c_client.py
> +++ b/src/c_client.py
> @@ -1942,16 +1942,17 @@ def _c_accessors_list(self, field):
>  
>              if align_pad is None:
>                  align_pad = ('XCB_TYPE_PAD(%s, prev.index)' %
>                      type_pad_type(field.first_field_after_varsized.type.c_type))
>  
>              _c('    xcb_generic_iterator_t prev = %s;',
>                  _c_iterator_get_end(prev_varsized_field, 'R'))
> -            _c('    i.data = ((%s *) prev.data) + %s + (%s);', field.type.c_wiretype,
> -                align_pad, _c_accessor_get_expr(field.type.expr, fields))
> +            _c('    i.data = ((%s *) ((char*) prev.data + %s)) + (%s);',
> +                field.type.c_wiretype, align_pad,
> +                _c_accessor_get_expr(field.type.expr, fields))
>  
>          _c('    i.rem = 0;')
>          _c('    i.index = (char *) i.data - (char *) %s;', param)
>          _c('    return i;')
>          _c('}')
>  
>      else:

More information about the Xcb mailing list