In os/log.c:680 " newline = (buf[len - 1] == '\n');" running make check (signal-logging) len==0 thus accessing array buf with a negative subscript.
The full check is: if (sizeof(buf) - len == 1) buf[len - 1] = '\n'; Referring to buf, declared as: char buf[1024]; Thus if 1024 - len == 1, len must be 1023, not 0, and whatever checker is claiming 1023 - 1 can be negative needs to check it's math.
Actually I did point to the next instruction "newline = (buf[len - 1] == '\n');" and this one ran with len==0, I double checked putting "if(len <= 0) FatalError("log.c:680 len subscript check\n");" immediately before. Will you please double check as well?
Sorry, you're on a different version of the code, so the line numbers don't match up with our current git master that I'm looking at - I see the code you are referring to on line 700 now. There is a small chance that len could be 0 there, if something called LogVMessageVerbSigSafe() with an invalid or empty format string, which should only happen in case of a bug in a caller.
Consider that this comes from "make check" so the caller shouldn't be wrong. If it is wrong, this is a xorg 1.14.4 distribution bug.
It does not come from "make check" with any compiler or options used by the X.Org developers. What have you used to cause "make check" to issue that?
Created attachment 102334 [details] [review] 0001-os-prevent-negative-array-index-access.patch small corner case, though I don't think we're triggering this anywhere: and empty string causes len to be 0.
I just applied the patch. Now signal-logging PASSes, displaying lots of (EE) messages but in the end (EE) Server terminated successfully (0). Closing log file. PASS: signal-logging
http://patchwork.freedesktop.org/patch/29254/
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/460.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.