[PATCH xserver 0/3] Prevent access to freed input buffer.
rami.ylimaki at vincit.fi
Mon Oct 3 05:16:24 PDT 2011
Some requests peek the client input buffer even after the request
handler has returned. For example, RecordEnableContext calls
IgnoreClient for the connection that originates the request, but also
installs callbacks that keep sending data to the connection until
RecordDisableContext is called from another connection. The callbacks
also assume that they can fetch the latest request op-codes from the
client input buffer (in RecordAReply), which is usually true for
recorded clients, but fails for recording clients.

Rami Ylimäki (3):
  os: Collect copy-pasted code into functions.
  os: Allow requests to preserve client input buffers for a longer time.
  record: Preserve client input buffer for RecordEnableContext request.

 include/os.h    |    2 +
 os/connection.c |    7 +++
 os/io.c         |  141 ++++++++++++++++++++++++++++++++-----------------------
 os/osdep.h      |    4 ++
 record/record.c |    7 +++
 5 files changed, 102 insertions(+), 59 deletions(-)
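
The lifetime problem described in the cover letter, as an added example that is not code from this patch series or from the X server: a toy model in which releasing a client's input buffer is deferred while a request holds it, so a callback that fires after the handler has returned still finds the op-code. Every name here (Client, preserve_input, release_input, unpreserve_input, peek_opcode, late_peek) is hypothetical, and the request bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model; all names are hypothetical, not the X server's own. */
typedef struct {
    unsigned char *data;  /* request bytes; data[0] is the op-code */
    size_t len;
    int preserve;         /* >0: a request asked to keep the buffer */
    int release_pending;  /* release was requested while preserved */
} Client;

static void free_input(Client *c) {
    free(c->data);
    c->data = NULL;       /* never leave a dangling pointer behind */
    c->len = 0;
}

/* Dispatcher calls this once the request handler has returned. */
void release_input(Client *c) {
    if (c->preserve > 0) { c->release_pending = 1; return; }
    free_input(c);
}

void preserve_input(Client *c) { c->preserve++; }

/* Dropping the last hold performs the deferred release. */
void unpreserve_input(Client *c) {
    if (c->preserve > 0 && --c->preserve == 0 && c->release_pending) {
        c->release_pending = 0;
        free_input(c);
    }
}

/* Late callback: op-code of the latest request, or -1 if the buffer is gone. */
int peek_opcode(const Client *c) {
    return (c->data && c->len > 0) ? c->data[0] : -1;
}

/* Constructed scenario: handler returns, then a callback peeks the buffer. */
int late_peek(int hold) {
    static const unsigned char req[] = { 42, 0, 2, 0 };  /* constructed bytes */
    Client c = { malloc(sizeof req), sizeof req, 0, 0 };
    if (!c.data) return -2;
    memcpy(c.data, req, sizeof req);
    if (hold) preserve_input(&c);   /* what the enabling request would do */
    release_input(&c);              /* handler returned */
    int seen = peek_opcode(&c);     /* callback fires afterwards */
    if (hold) unpreserve_input(&c); /* the disabling request */
    return seen == -1 ? -1 : (c.data ? -3 : seen);  /* -3: buffer leaked */
}

int main(void) { return (late_peek(0) == -1 && late_peek(1) == 42) ? 0 : 1; }
```

Without the hold the model reports -1 because it nulls the pointer on release; code that keeps the stale pointer instead would read freed or recycled memory at that point.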
More information about the xorg-devel