Bug 21861 - server crash on possibly malformed xrandr request
Summary: server crash on possibly malformed xrandr request
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Julien Cristau
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
: 21883 22295 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-05-22 00:00 UTC by Bart Massey
Modified: 2009-06-16 05:45 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:

Attachments
log file from server crash (66.12 KB, text/plain)
2009-05-22 00:00 UTC, Bart Massey 		no flags Details
test case for server crash (1.56 KB, text/x-csrc)
2009-05-22 00:01 UTC, Bart Massey 		no flags Details
proposed patch (1.09 KB, patch)
2009-05-22 01:06 UTC, Julien Cristau 		no flags Details | Splinter Review
View All

Description Bart Massey 2009-05-22 00:00:10 UTC 
Created attachment 26086 [details]
log file from server crash

The attached program submitted by a user as part of an XCB bug report will reliably crash my X server.  xdpyinfo reports xorg 1.5.99.1, and xrandr reports version 1.2.  My hardware is an Intel quad-core with a 965GM IIRC.  An Xorg.log is attached.
Comment 1 Bart Massey 2009-05-22 00:01:23 UTC 
Created attachment 26087 [details]
test case for server crash
Comment 2 Julien Cristau 2009-05-22 01:06:35 UTC 
Created attachment 26091 [details] [review]
proposed patch

The client calls RRQueryVersion with 0.0 as version.  That's all sorts of wrong, but we still shouldn't crash...
Comment 3 Julien Cristau 2009-05-22 17:04:41 UTC 
*** Bug 21883 has been marked as a duplicate of this bug. ***
Comment 4 Julien Cristau 2009-05-24 04:15:52 UTC 
bugzilla apparently didn't like my mail, so trying again from the web...

commit 12e725d08b4cf7dbb7f09b9ec09fa1b621156ea9
Author: Julien Cristau <jcristau@debian.org>
Date:   Fri May 22 09:54:38 2009 +0200

    randr: fix server crash in RRGetScreenInfo

    We don't return rates to randr < 1.1 clients, so don't allocate space
    for them.  This fixes a FatalError due to not all allocated space being
    used.

    X.Org bug#21861 <http://bugs.freedesktop.org/show_bug.cgi?id=21861>

    Reported-by: Guillaume Quintin <coincoin169g@gmail.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>
Comment 5 Julien Cristau 2009-06-16 05:45:43 UTC 
*** Bug 22295 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.