ephyrGLXQueryServerString: Stop making an unused copy of server_string

ephyrGLXQueryServerString() carefully allocated a buffer padded to the
word-aligned string length for sending to the client, copied the string
to it, and then forgot to use it, potentially reading a few bytes of
garbage past the end of the server_string buffer.

Since WriteToClient already handles the necessary padding, just send
it the actual length of the original server_string, and don't bother
making a padded copy.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Alan Coopersmith 2012-07-09 19:12:44 -07:00 committed by Keith Packard
parent 7a29f68782
commit 2b1c1300cc

@ -357,7 +357,7 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
ClientPtr client = a_cl->client;
xGLXQueryServerStringReq *req = (xGLXQueryServerStringReq *) a_pc;
xGLXQueryServerStringReply reply;
char *server_string = NULL, *buf = NULL;
char *server_string = NULL;
int length = 0;
EPHYR_LOG("enter\n");
@ -377,13 +377,6 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
.n = length
};
buf = calloc(reply.length << 2, 1);
if (!buf) {
EPHYR_LOG_ERROR("failed to allocate string\n;");
return BadAlloc;
}
memcpy(buf, server_string, length);
WriteToClient(client, sz_xGLXQueryServerStringReply, &reply);
WriteToClient(client, (int) (reply.length << 2), server_string);
@ -394,9 +387,6 @@ ephyrGLXQueryServerString(__GLXclientState * a_cl, GLbyte * a_pc)
free(server_string);
server_string = NULL;
free(buf);
buf = NULL;
return res;
}
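Review bot: The second `WriteToClient` call in the -377 hunk still passes `(int) (reply.length << 2)` together with `server_string`, so as far as this page shows the word-padded length is still read from the unpadded string, and up to three bytes past its end can be sent to the client. The commit message says the intent is to send the string's actual length and let WriteToClient add the padding, which would be `WriteToClient(client, length, server_string);`, assuming `length` still holds the byte count stored in `.n` at that point. The rendering has lost the +/- column and that line appears only once, so it reads as unchanged context; confirm against the raw patch. The function body continues outside the hunks shown, so how `server_string` is allocated and how `length` is computed cannot be checked from here.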