[PATCH xserver] xkb: Initialize pad bytes sent in replies of geometry requests.
Peter Hutterer
peter.hutterer at who-t.net
Wed Mar 16 17:52:33 PDT 2011
On Wed, Mar 16, 2011 at 10:35:22AM +0200, Rami Ylimäki wrote:
> On 03/16/2011 02:43 AM, Peter Hutterer wrote:
> >
> >>- memcpy(&wire[2],str,len);
> >>- wire+= ((2+len+3)/4)*4;
> >>+ paddedLen= pad_to_int32(sizeof(len)+len)-sizeof(len);
> >>+ strncpy(&wire[sizeof(len)],str,paddedLen);
> >>+ wire+= sizeof(len)+paddedLen;
>
> >looking at this again, does this really fix the issue?
>
> Yes, I have verified it with Valgrind.
>
> >assuming a string of strlen 11, paddedLen is 14.
> >strncpy will copy 12 bytes (strlen + \0), so you write 14 bytes in total but
> >advance wire by 16 bytes. the last 2 are uninitialized.
>
> Not true, strncpy with n=14 copies always exactly 14 bytes. If n
> exceeds the size of source string,
> destination string is padded with null characters.
^ that was the bit I missed, thanks for the clarification.
Cheers,
Peter
More information about the xorg-devel
mailing list