[Xcb] [PATCH libX11] xcb_io: Fix Xlib 32-bit request number wrapping bug

Jonas Petersen jnsptrsn1 at gmail.com
Wed Aug 6 13:49:46 PDT 2014


Hi Jan,

thanks for pushing this.

I spent really a lot of time (weeks) tracking this down and finding a 
solution. Digging down the depths of the operating system, while 
actually writing application software. The result is the mentioned 
patch. I then posted it here. I think there is approval that the fix 
actually does work. Then some discussion started about 
implementation details, optimization and possible further problems at 
other locations.

At some point I had to take a break, since this had cost me already so 
much time. Sorry about that. It's too bad this is still pending.

If nothing happens I might be willing to spend another small amount of 
time to help complete this. But my time is limited. I cannot promise 
anything.

I think this bug is quite serious. It suddenly kills programs without 
asking out of nowhere. And it's patient.

By the way, my software now runs on 64-bit, so luckily I'm not affected 
anymore (hopefully). But there's probably still plenty of 32-bit systems 
endangered by this.

Have you seen? Keith posted a program to reproduce the bug (or confirm 
that the patch works) as fast as possible:

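/* cc -o nop nop.c `pkg-config --cflags --libs x11` */
#include    <stdio.h>
#include    <stdint.h>
#include    <inttypes.h>
#include    <X11/Xlib.h>

int
main (int argc, char **argv)
{
	uint64_t	i = 0;
	Display *dpy = XOpenDisplay(NULL);

	/* Bail out if no X server is reachable. */
	if (dpy == NULL) {
		fprintf (stderr, "cannot open display\n");
		return 1;
	}

	/* Issue no-op requests forever to advance the request counter quickly. */
	for (;;) {
		++i;
		/* Flush and report progress every 0x10000000 requests. */
		if ((i & 0xfffffff) == 0) {
			XFlush(dpy);
			printf ("0x%" PRIx64 "\n", i);
		}
		XNoOp(dpy);
	}
}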


Regards
Jonas




On 29.07.2014 at 18:56, Jan Smout wrote:
> Hi all,
>
> I recently stumbled into an application that crashed because of this:
> https://bugs.freedesktop.org/show_bug.cgi?id=71338
>
> and quickly found the following patch:
> http://patchwork.freedesktop.org/patch/16753/
>
> which seems to work fine (the application used to crash in less than 
> 24 hrs. Has been running for 5 days straight with the patch).
>
>
> Now my question: what is the status of this patch? Are there still 
> details to be clarified before it can be put into the main tree?
>
>
> best regards,
> Jan
> -- 
> Life is complex, it has a real part and an imaginary part.
