[PATCH] xkb: fix invalid memory writes in _XkbCopyGeom.
peter.hutterer at who-t.net
Fri Jun 4 01:20:00 PDT 2010
On Fri, Jun 04, 2010 at 03:25:20AM -0400, James Cloos wrote:
> >>>>> "PH" == Peter Hutterer <peter.hutterer at who-t.net> writes:
> PH> for extra fun - this bug is present in pretty much all server versions
> PH> since 1.2 but didn't get exposed until the xalloc → malloc
> PH> changes. I just took the 1.7 sources and valgrind didn't
> PH> complain. Changed xalloc to malloc, valgrind gives out.
> PH> Any guesses as to why xalloc hides this issue are appreciated.
> Probably due to the alignment and luck.
> Looking at an old checkout, Xalloc() is:
> amount = (amount + (sizeof(long) - 1)) & ~(sizeof(long) - 1);
> ptr = malloc(amount);
My ctags setup jumped me back in the master tree when I wanted to look at
the 1.7 version and I didn't notice. So I assumed Xalloc to be a simple
malloc like it is now...
Thanks for pointing that out, I got rather confused by that.
> Xalloc() will only allocate the same amount of mem as malloc(2)
> when the requested size is one octet more than an exact multiple
> of sizeof(long).
> That was probably rare enough to avoid the bug.
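As an added example (not code from this thread or from the X server), the rounding James quotes, written out as a couple of helpers that report how much slack Xalloc's rounding adds for a given request and whether an overrun of n bytes past the requested size would still land inside the malloc'd block; the function names are my own:

```c
#include <stdio.h>
#include <stddef.h>

/* Models the size rounding the old Xalloc() did before calling malloc(),
 * as quoted in the thread:
 *   amount = (amount + (sizeof(long) - 1)) & ~(sizeof(long) - 1);
 * The slack it adds is why a small heap overrun stayed inside the block
 * (and invisible to valgrind) until Xalloc became a plain malloc(). */

/* Size that Xalloc() actually passed to malloc() for a request of `amount`. */
size_t xalloc_rounded_size(size_t amount)
{
    return (amount + (sizeof(long) - 1)) & ~(sizeof(long) - 1);
}

/* Padding bytes between the requested size and the real allocation. */
size_t xalloc_slack(size_t amount)
{
    return xalloc_rounded_size(amount) - amount;
}

/* A write of `overrun` bytes past the requested size stays within the
 * malloc()'d block only if it fits in the slack. With a plain
 * malloc(amount) the slack is always zero, so any overrun is an
 * out-of-bounds write that valgrind reports. */
int overrun_hidden_by_xalloc(size_t amount, size_t overrun)
{
    return overrun > 0 && overrun <= xalloc_slack(amount);
}

int main(void)
{
    size_t amount;
    printf("sizeof(long) = %zu\n", sizeof(long));
    printf("request  malloc'd  slack  1-byte overrun hidden?\n");
    /* Walk just past two multiples of sizeof(long) to show the pattern:
     * exact multiples get no slack, one byte over gets the most. */
    for (amount = 1; amount <= 2 * sizeof(long) + 1; amount++)
        printf("%7zu  %8zu  %5zu  %s\n", amount, xalloc_rounded_size(amount),
               xalloc_slack(amount),
               overrun_hidden_by_xalloc(amount, 1) ? "yes" : "no");
    return 0;
}
```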