Bug 25785

Summary:

libSM: uninitialized / previously buffered data sent in list/array padding

Product:

xorg

Reporter:

David Baron <dbaron>

Component:

Lib/other

Assignee:

Xorg Project Team <xorg-team>

Status:

RESOLVED INVALID

QA Contact:

Xorg Project Team <xorg-team>

Severity:

normal

Priority:

medium

CC:

dbaron

Version:

unspecified

Keywords:

patch

Hardware:

Other

OS:

All

Whiteboard:

2011BRB_Reviewed

i915 platform:

i915 features:

Attachments:

Description	Flags
patch	none

Description David Baron 2009-12-23 17:56:10 UTC

Created attachment 32267 [details] [review]
patch

As I mentioned in bug 17644 comment 2, I was investigating the same problem described in bug 17644 (since I was using a libSM lacking the fix there), and came up with an alternative fix that I think *might* be preferable.  Since attaching a patch on a closed bug probably isn't the best way to get it seen, I'm attaching it to an open bug in case you also prefer this approach.

The patch in bug 17644 zero-fills the scratch buffer when allocating it.  After that point, the buffer is reused multiple times, so effectively-uninitialized data (i.e., from the previous use of the scratch buffer) is still being used and sent over sockets.

In any case, here's an alternative patch that stores zeros when adding padding instead of just skipping space.

Comment 1 Jeremy Huddleston Sequoia 2011-10-09 02:46:26 UTC

Could you please send your patch to xorg-devel for review?

Comment 2 David Baron 2011-10-09 16:19:21 UTC

http://lists.x.org/archives/xorg-devel/2011-October/026163.html

Comment 3 Adam Jackson 2018-06-12 19:08:04 UTC

Mass closure: This bug has been untouched for more than six years, and is not
obviously still valid. Please reopen this bug or file a new report if you continue to experience issues with current releases.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.