[PATCH xserver] os: Call FlushClient() before sending FD-passing messages

Giuseppe Bilotta giuseppe.bilotta at gmail.com
Tue Apr 10 05:29:25 UTC 2018


On Tue, Apr 10, 2018 at 5:14 AM, Keith Packard <keithp at keithp.com> wrote:
>> libxcb stores received file descriptors in a buffer of size 16
>> (XCB_MAX_PASS_FD).
>> Is it possible that the X server will send more than 16 fds in a
>> single reply and overflow libxcb's buffer?
>
> It wouldn't be if the X server were careful in flushing things, but as
> that seems 'hard', we should probably fix xcb. I don't think that's
> terribly urgent as it would take a very strange situation to pass 16 fds
> in a short amount of time, especially in such close proximity as to end
> up not getting a reply that processes any of them in the middle of the
> sequence.

Unless this is done intentionally by a malicious server to overflow
the client's xcb buffer.


-- 
Giuseppe "Oblomov" Bilotta
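
The concern raised in this thread, as an added example (not libxcb or X server code): a receiver with a fixed 16-slot descriptor array that keeps SCM_RIGHTS descriptors while there is room and closes the excess instead of writing past the array. The names fd_queue, fd_queue_take and demo_dropped are hypothetical, and the control message is constructed in memory from dup()ed pipe ends rather than read from a socket.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_PASS_FD 16   /* capacity quoted in the thread (XCB_MAX_PASS_FD) */
struct fd_queue { int fd[MAX_PASS_FD]; int nfd; int dropped; };

/* Keep each SCM_RIGHTS descriptor while there is room; close the rest. */
static void fd_queue_take(struct fd_queue *q, struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
            c->cmsg_len < CMSG_LEN(0))
            continue;
        size_t n = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < n; i++) {
            int fd;
            memcpy(&fd, CMSG_DATA(c) + i * sizeof fd, sizeof fd);
            if (q->nfd < MAX_PASS_FD) { q->fd[q->nfd++] = fd; continue; }
            close(fd);          /* full: do not write past the array or leak */
            q->dropped++;
        }
    }
}

/* Constructed control message carrying `count` descriptors; returns drops. */
static int demo_dropped(int count)
{
    union { char buf[CMSG_SPACE(sizeof(int) * 32)]; struct cmsghdr a; } u = { { 0 } };
    struct msghdr m = { 0 };
    struct fd_queue q = { .nfd = 0 };
    int p[2];
    if (count < 1 || count > 32 || pipe(p) != 0) return -1;
    m.msg_control = u.buf; m.msg_controllen = CMSG_SPACE(sizeof(int) * count);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int) * count);
    for (int i = 0; i < count; i++) {
        int fd = dup(p[0]);     /* real descriptors, so close() is meaningful */
        memcpy(CMSG_DATA(c) + i * sizeof fd, &fd, sizeof fd);
    }
    fd_queue_take(&q, &m);
    for (int i = 0; i < q.nfd; i++) close(q.fd[i]);
    close(p[0]); close(p[1]);
    return q.dropped;
}

int main(void) { printf("dropped: %d\n", demo_dropped(20)); return 0; }
```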

