[Xcb] [PATCH libX11] xcb_io: Fix Xlib 32-bit request number wrapping bug

Jan Smout smout.jan at gmail.com
Thu Aug 7 01:42:28 PDT 2014


Hi Jonas,

the reason I am asking this is that I'm trying to push the patch into the
Mageia xlib package - mainly because it is the candidate for putting
realtime applications the next coming 6/7 years. The requirements are
quite strong: it needs to run 24/7 and is heavy on graphics (one of them
would crash after less than 24 hrs).
Now, even though the application is entirely under my control, the compiler
is not, so I'm stuck with a deprecated 32-bit compiler for this iteration
(before migrating to another compiler).
Now, I had already traced it down to xlib and was traversing the library
code when I found that you had already gone down that road. I reviewed your
patch and - provided there are no other hidden dragons - found that it
worked as advertised (using XNoOp as proof of concept and by running my
app). Thanks for the good work btw.

Regarding the seriousness I completely agree. It is an important bug. Other
applications might crash after weeks or months, in which case users will
have a hard time understanding why and might conclude the "OS" is not
stable or anything.

Anyway, for my apps I have no problem - we have custom installs anyways -
but other people might...

So, the only question I have for Keith is: is the patch good enough to be
put into an official linux distribution, while the next xlib release has
not yet been released?

best regards,
Jan
On Aug 6, 2014 10:49 PM, "Jonas Petersen" <jnsptrsn1 at gmail.com> wrote:

>  Hi Jan,
>
> thanks for pushing this.
>
> I spent really a lot of time (weeks) tracking this down and finding a
> solution. Digging down the depths of the operating system, while actually
> writing application software. The result is the mentioned patch. I then
> posted it here. I think there is approval that the fix actually does work.
> Then there was starting some discussion about implementation details,
> optimization and possible further problems at other locations.
>
> At some point I had to take a break, since this had cost me already so
> much time. Sorry about that. It's too bad this is still pending.
>
> If nothing happens I might be willing to spend another small amount of
> time to help completing this. But my time is limited. I can not promise
> anything.
>
> I think this bug is quite serious. It suddenly kills programs without
> asking out of nowhere. And it's patient.
>
> By the way, my software now runs on 64-bit, so luckily I'm not affected
> anymore (hopefully). But there's probably still plenty of 32-bit systems
> endangered by this.
>
> Have you seen? Keith posted a program to reproduce the bug (or confirm
> that the patch works) as fast as possible:
>
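> /* cc -o nop nop.c `pkg-config --cflags --libs x11` */
> #include    <stdio.h>
> #include    <stdint.h>
> #include    <inttypes.h>
> #include    <X11/Xlib.h>
>
> int
> main (int argc, char **argv)
> {
> 	uint64_t	i = 0;
> 	Display *dpy = XOpenDisplay(NULL);
>
> 	/* Without a display connection XNoOp() would dereference NULL. */
> 	if (dpy == NULL) {
> 		fprintf (stderr, "cannot open display\n");
> 		return 1;
> 	}
>
> 	/* Send NoOp requests in an endless loop to reach the 32-bit
> 	 * request number wrap as fast as possible. */
> 	for (;;) {
> 		++i;
> 		/* Every 2^28 requests, flush and print the 64-bit count. */
> 		if ((i & 0xfffffff) == 0) {
> 			XFlush(dpy);
> 			printf ("0x%" PRIx64 "\n", i);
> 		}
> 		XNoOp(dpy);
> 	}
> }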
>
>
> Regards
> Jonas
>
>
>
>
> On 29.07.2014 at 18:56, Jan Smout wrote:
>
> Hi all,
>
> I recently stumbled into an application that crashed because of this:
> https://bugs.freedesktop.org/show_bug.cgi?id=71338
>
> and quickly found the following patch:
> http://patchwork.freedesktop.org/patch/16753/
>
>  which seems to work fine (the application used to crash in less than 24
> hrs. Has been running for 5 days straight with the patch).
>
>
> Now my question: what is the status of this patch? Are there still details
> to be clarified before it can be put into the main tree?
>
>
>  best regards,
>  Jan
>  --
> Life is complex, it has a real part and an imaginary part.
>
>
>