PATCH: Fix excessive stack usage in dixfonts.c
Indan Zupancic
indan at nul.nu
Tue May 1 06:06:47 PDT 2007
Hello,
Short version:
- ulimit -s 512
- doListFontsAndAliases() in dixfonts.c uses ALLOCATE_LOCAL
to allocate more than 512 Kb.
Result: mysterious X crash when doing certain things,
like starting OpenOffice.
Fix:
--- dix/dixfonts.c.orig 2007-05-01 03:03:20.000000000 +0200
+++ dix/dixfonts.c 2007-05-01 03:03:33.000000000 +0200
@@ -781,7 +781,7 @@ finish:
reply.nFonts = nnames;
reply.sequenceNumber = client->sequence;
- bufptr = bufferStart = (char *) ALLOCATE_LOCAL(reply.length << 2);
+ bufptr = bufferStart = (char *) xalloc(reply.length << 2);
if (!bufptr && reply.length) {
SendErrorToClient(client, X_ListFonts, 0, 0, BadAlloc);
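Review bot: on the xalloc() line, the check that follows (`!bufptr && reply.length`) deliberately lets bufptr stay NULL when reply.length is 0, and that case can now arise if xalloc returns NULL for a zero-length request. Please confirm that the later WriteToClient and xfree calls on bufferStart cope with NULL. A one-line comment at the allocation would also help, saying that the size grows with the number of matched names (nnames) and so must not live on the stack; otherwise someone may later switch it back to ALLOCATE_LOCAL.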
@@ -806,7 +806,7 @@ finish:
client->pSwapReplyFunc = ReplySwapVector[X_ListFonts];
WriteSwappedDataToClient(client, sizeof(xListFontsReply), &reply);
(void) WriteToClient(client, stringLens + nnames, bufferStart);
- DEALLOCATE_LOCAL(bufferStart);
+ xfree(bufferStart);
bail:
if (c->slept)
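Review bot: xfree(bufferStart) sits directly above the bail: label, so any path that jumps to bail after the xalloc in the first hunk skips the free and now leaks the buffer, where a stack allocation would have been reclaimed on return. Please check that no such jump exists between the allocation and this line. The alternative is to move the free below the label with bufferStart initialised to NULL. The BadAlloc path visible in the first hunk is safe either way, since bufptr is NULL there.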
As apparently no one sets the stack limit so low, I seemed to be the only one
with a strange crashing X. :-(
Perhaps all ALLOCATE_LOCAL() users should be checked that they only do
limited constant size allocations instead of arbitrarily big ones.
Or maybe do the sane safe thing, and replace them all with xalloc/malloc.
Long version: See attachment.
Greetings,
Indan
P.S. Why is the list subscribers only? Good spamfilter + moderation
should be plenty.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: X-backtrace
Type: application/octet-stream
Size: 2820 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20070501/83dda99f/attachment.obj>
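The message suggests checking that every ALLOCATE_LOCAL() user only makes limited, constant-size allocations. One way to run that check over a source file is sketched below, as an added example that is not part of the original message or of the X.Org code. It assumes that a size built only from literals, sizeof(...) and ALL_CAPS macro names is fixed at compile time. The sample lines are constructed, except the first, which is the pre-patch line from the diff.

```python
import re

# Start of an ALLOCATE_LOCAL( call; the lookbehind skips DEALLOCATE_LOCAL.
CALL = re.compile(r'(?<![A-Za-z0-9_])ALLOCATE_LOCAL\s*\(')
# Tokens allowed in a compile-time size (heuristic, an assumption of this example).
CONST_TOKEN = re.compile(
    r'sizeof\s*\([^()]*\)|0[xX][0-9a-fA-F]+|\d+|[A-Z][A-Z0-9_]*|[-+*/()<>\s]')

def call_argument(text, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '(':
            depth += 1
        elif text[i] == ')':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced call: return the remainder

def is_constant_size(arg):
    """True when nothing but literals, sizeof(), macros and operators remain."""
    return CONST_TOKEN.sub('', arg) == ''

def audit(source):
    """Return (line_number, size_expression) for each variable-size call."""
    findings = []
    for m in CALL.finditer(source):
        arg = call_argument(source, m.end() - 1).strip()
        if not is_constant_size(arg):
            findings.append((source.count('\n', 0, m.start()) + 1, arg))
    return findings

# Constructed sample; NAME_MAX_EXAMPLE, tmp, name, list and count are hypothetical.
SAMPLE = """\
bufptr = bufferStart = (char *) ALLOCATE_LOCAL(reply.length << 2);
tmp = (char *) ALLOCATE_LOCAL(sizeof(xListFontsReply));
name = (char *) ALLOCATE_LOCAL(NAME_MAX_EXAMPLE + 1);
DEALLOCATE_LOCAL(bufferStart);
list = (int *) ALLOCATE_LOCAL(count * sizeof(int));
"""

if __name__ == "__main__":
    for line, arg in audit(SAMPLE):
        print(f"line {line}: variable-size ALLOCATE_LOCAL({arg})")
```

Each flagged call still needs a manual look, because a variable size can be bounded elsewhere in the function.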