Server crash uploading multiple glyphs at once with XRenderAddGlyphs

Clemens Eisserer linuxhippy at
Thu Aug 20 09:27:18 PDT 2009

Hi Dave,

Should I file a bugreport about this on bugzilla?
What additional data would be useful to track that issue down?
Could this be used as a security whole?

Thanks, Clemens

2009/8/16 Clemens Eisserer <linuxhippy at>

> Hi Dave,
> > Can you get valgrind traces by any chance? not sure we can tell
> > much other than memory got corrupted from this.
> It seems at least for this case, sha1_block_data_order is reading data
> from random locations:
> ==17163== Invalid read of size 4
> ==17163==    at 0x439E91A: sha1_block_data_order (sx86-elf.s:76)
> ==17163==    by 0xFA42F463: ???
> ==17163==  Address 0x4815360 is 0 bytes after a block of size 4,096 alloc'd
> ==17163==    at 0x4028D7E: malloc (vg_replace_malloc.c:207)
> ==17163==    by 0x80AE954: Xalloc (utils.c:1056)
> ==17163==    by 0x80AA42D: AllocateInputBuffer (io.c:1017)
> ==17163==    by 0x80A9545: InsertFakeRequest (io.c:498)
> I had a look at the source but I have a pretty hard time figuring out
> whats going on there :-/
> The crash appears with a quite large framework I am working on, quite
> hard to build your own. I could provide a binary package or wireshark
> protocol if that would help?
> The valgrind log is attached, hope it helps a bit.
> Thanks, Clemens
> PS: I've found another problem when uploading multiple glyphs at once
> causes a memleak. I've attached a short testcase - fills up my 3GB
> pretty quick.
> There's a malloc in CreatePicture which is in some cases never freed,
> called at render.c : 1147.
> But again, I don't understand why it works sometimes and sometimes not :-/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the xorg mailing list