[PATCH xserver] xkb: Initialize pad bytes sent in replies of geometry requests.
Daniel Stone
daniel at fooishbar.org
Wed Mar 16 02:51:22 PDT 2011
Hi,
On Wed, Mar 16, 2011 at 10:35:22AM +0200, Rami Ylimäki wrote:
> On 03/16/2011 02:43 AM, Peter Hutterer wrote:
> >
> >>- memcpy(&wire[2],str,len);
> >>- wire+= ((2+len+3)/4)*4;
> >>+ paddedLen= pad_to_int32(sizeof(len)+len)-sizeof(len);
> >>+ strncpy(&wire[sizeof(len)],str,paddedLen);
> >>+ wire+= sizeof(len)+paddedLen;
>
> >looking at this again, does this really fix the issue?
>
> Yes, I have verified it with Valgrind.
>
> >assuming a string of strlen 11, paddedLen is 14.
> >strncpy will copy 12 bytes (strlen + \0), so you write 14 bytes in total but
> >advance wire by 16 bytes. the last 2 are uninitialized.
>
> Not true, strncpy with n=14 copies always exactly 14 bytes. If n
> exceeds the size of source string, destination string is padded with
> null characters. Note that strncpy was used instead of strcpy.
Yeah, it's pretty subtle. I remember staring at it for a while trying
to work out exactly what was going on before I decided it was fixed.
Cheers,
Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.x.org/archives/xorg-devel/attachments/20110316/46e6a193/attachment.pgp>
More information about the xorg-devel
mailing list