[PATCH] Bugfix for "Pre-validate ChangeGC XIDs": off-by-one in loop index.

Jeremy Huddleston jeremyhu at apple.com
Fri May 14 11:27:31 PDT 2010 

On May 14, 2010, at 11:19, Jamey Sharp wrote:

>> (gdb) print vals
>> $3 = {{
>>    val = 2750440,
>>    ptr = 0x10029f7e8
>>  }, {
>>    val = 0,
>>    ptr = 0x100000000
>>  }, ...}
> 
> vals[1].val correctly got set to FALSE, but vals[0].val did not get
> set to IncludeInferiors (1).
> 
> I'd expect to see this result with yesterday's master. Are you sure
> you're testing with my patch? :-)

Yep:

ChangeGCXIDs (client=0x103f0f9c0, pGC=0x1101311f0, mask=98304, pC32=0x103edac90) at gc.c:438
438	    if (mask & ~((1 << (GCLastBit + 1)) - 1))
(gdb) bt
#0  ChangeGCXIDs (client=0x103f0f9c0, pGC=0x1101311f0, mask=98304, pC32=0x103edac90) at gc.c:438
#1  0x000000010015ab7e in dixChangeGC (client=0x103f0f9c0, pGC=0x1101311f0, mask=98304, pC32=0x103edac90, pUnion=0x0) at gc.c:473
#2  0x000000010015ae7a in CreateGC (pDrawable=0x10074cc00, mask=98304, pval=0x103edac90, pStatus=0x103edacac, gcid=0, client=0x103f0f9c0) at gc.c:560
#3  0x0000000100190f90 in miDCMakeGC (pWin=0x10074cc00) at midispcur.c:422
#4  0x0000000100192005 in miDCDeviceInitialize (pDev=0x1101301a0, pScreen=0x10123c3e0) at midispcur.c:790
#5  0x00000001001a2f60 in miSpriteDeviceCursorInitialize (pDev=0x1101301a0, pScreen=0x10123c3e0) at misprite.c:943
#6  0x0000000100198834 in miPointerDeviceInitialize (pDev=0x1101301a0, pScreen=0x10123c3e0) at mipointer.c:271
#7  0x00000001001389a6 in ActivateDevice (dev=0x1101301a0, sendevent=1 '\001') at devices.c:470
#8  0x0000000100138da7 in InitCoreDevices () at devices.c:603
#9  0x0000000100130039 in dix_main (argc=4, argv=0x7fff5fbfdb20, envp=0x7fff5fbfd9c0) at main.c:254
#10 0x0000000100018d6f in server_thread (arg=0x1007379a0) at quartzStartup.c:63
#11 0x00007fff879fb456 in _pthread_start ()
#12 0x00007fff879fb309 in thread_start ()
(gdb) n
443	    for (i = Ones(mask); --i; )
(gdb) 
444		vals[i].val = pC32[i];
(gdb) 
443	    for (i = Ones(mask); --i; )
(gdb) 
445	    for (i = 0; i < sizeof(xidfields) / sizeof(*xidfields); ++i)

More information about the xorg-devel mailing list