[PATCH] os: Make sure big requests have sufficient length.
Michal Srb
msrb at suse.com
Tue Sep 26 08:22:05 UTC 2017
On pondělí 25. září 2017 12:55:47 CEST Eric Anholt wrote:
> Michal Srb <msrb at suse.com> writes:
> > I think if you supply valid Drawable and GC, you should get crash even
> > with little endian.
>
> I tried creating a gc against the root window and doing the drawing
> there, but the request seems to process successfully. bigreq branch
> updated with that code.
Ok, looks like PolyLine does not crash because the `int npoint` inside
ProcPolyLine becomes negative and so it doesn't actually call the rendering
function. So PolyLine can not be used to crash X server if the client has same
endianity.
You can use PolyRectangle instead. The attached program crashes my X server
reliably.
Michal Srb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crashme.c
Type: text/x-csrc
Size: 2995 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20170926/2a9ee1b3/attachment.c>
More information about the xorg-devel
mailing list