[PATCH] os: Make sure big requests have sufficient length.

Michal Srb msrb at suse.com
Tue Oct 10 06:48:16 UTC 2017


On Monday, 9 October 2017 17:14:44 CEST Eric Anholt wrote:
> I tried the updated testcase and that didn't crash for me, either.  My
> v2 (which I've now sent out) testcase times out in 30 seconds without
> the fix and passes with the fix.  I'd love your review if you like that
> as a solution.

PolyLine is not crashing because it has an `if (npoint > 1)` test and the 
`npoint` (int) overflowed into negative numbers.

If you change XCB_POLY_LINE to XCB_POLY_RECTANGLE in your test, that is 
enough to crash the X server on my machine.

Michal Srb
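
The effect described in the message above, as an added example that is not part of the original mail and is not X server code: a signed element count derived from a too-short request length goes negative, an `n > 1` test skips it, a weaker test does not, and a length check ahead of the handlers rejects it. The header size, element size, length cap, the non-zero guard and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_BYTES  12        /* assumed fixed header size of the request */
#define ELEM_BYTES 4         /* assumed size of one element (point)      */
#define MAX_WORDS  0x100000u /* assumed upper bound on accepted length   */

/* Element count from a client-supplied length given in 4-byte words.
 * A length shorter than the header yields a negative count. */
static int elem_count(uint32_t len_words)
{
    int64_t payload = (int64_t)len_words * 4 - HDR_BYTES;
    return (int)(payload / ELEM_BYTES);
}

/* Test of the kind quoted in the mail: a negative count is skipped. */
static int passes_gt1_guard(int n) { return n > 1; }

/* Hypothetical handler that only tests for non-zero: negative passes. */
static int passes_nonzero_guard(int n) { return n != 0; }

/* Bytes a handler would try to process if it trusted the count. */
static size_t bytes_touched(int n) { return (size_t)n * ELEM_BYTES; }

/* Length validation performed before any handler sees the request. */
static int length_ok(uint32_t len_words)
{
    return len_words <= MAX_WORDS && (uint64_t)len_words * 4 >= HDR_BYTES;
}

int main(void)
{
    uint32_t samples[] = { 0, 3, 5 };   /* constructed sample lengths */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = elem_count(samples[i]);
        printf("len=%u n=%d gt1=%d nonzero=%d touched=%zu length_ok=%d\n",
               (unsigned)samples[i], n, passes_gt1_guard(n),
               passes_nonzero_guard(n), bytes_touched(n),
               length_ok(samples[i]));
    }
    return 0;
}
```

Rejecting the request when `length_ok` fails means no handler depends on its own guard happening to be sign-aware.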

