XCreatePixmap returns BadAlloc for a 8300 wide image in latest git
Barry Scott
barry.scott at onelan.co.uk
Tue Jun 19 07:51:24 PDT 2007
Barry Scott wrote:
> Alan Coopersmith wrote:
>
>> Barry Scott wrote:
>>
>>> The limit on pixmap size used to be 32767 (32768?) but our code is
>>> getting
>>> a BadAlloc of a pixmap that is 8300 wide.
>>>
>>> Why has the limit been changed and why can't it be set back to its
>>> original limit?
>>>
>> This may be a bug in the pixmap overflow security fixes from 2005 - I
>> know
>> one of our engineers working on the cfb version of the fixes found
>> that they
>> over-limited by a factor of 4 because they checked the PaddedByte size
>> instead of the pixel width, so limited 32-bit pixmaps to a width of
>> 8191 instead of 32767.
>>
>>
> 2005? This change happened between Xorg 7.2 and latest git. Has this
> security fix
> been made recently?
>
>
I see the fix from 2005. I guess that with newer config I'm using cfb
instead of
one of the other createPixmap implementations that don't have the bug.
I take it that this patch is required to fix the API:
diff --git a/cfb/cfbpixmap.c b/cfb/cfbpixmap.c
index 6fdf3ea..2651615 100644
--- a/cfb/cfbpixmap.c
+++ b/cfb/cfbpixmap.c
@@ -77,7 +77,7 @@ cfbCreatePixmap (pScreen, width, height,
paddedWidth = PixmapBytePad(width, depth);
- if (paddedWidth / 4 > 32767 || height > 32767)
+ if (width > 32767 || height > 32767)
return NullPixmap;
datasize = height * paddedWidth;
pPixmap = AllocatePixmap(pScreen, datasize);
Can someone apply this to git?
Barry
More information about the xorg
mailing list