Bug 25785

Summary: libSM: uninitialized / previously buffered data sent in list/array padding
Product: xorg
Reporter: David Baron <dbaron>
Component: Lib/other
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED INVALID
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
CC: dbaron
Version: unspecified
Keywords: patch
Hardware: Other
OS: All
Whiteboard: 2011BRB_Reviewed
Attachments:
Description Flags
patch none

Description David Baron 2009-12-23 17:56:10 UTC
Created attachment 32267: patch

As I mentioned in bug 17644 comment 2, I was investigating the same problem described in bug 17644 (since I was using a libSM lacking the fix there), and came up with an alternative fix that I think *might* be preferable.  Since attaching a patch on a closed bug probably isn't the best way to get it seen, I'm attaching it to an open bug in case you also prefer this approach.

The patch in bug 17644 zero-fills the scratch buffer when allocating it.  After that point, the buffer is reused multiple times, so effectively-uninitialized data (i.e., from the previous use of the scratch buffer) is still being used and sent over sockets.

In any case, here's an alternative patch that stores zeros when adding padding instead of just skipping space.
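
The failure mode discussed in the description, as an added example; it is not libSM code and not the attached patch. The message layout (4-byte length, payload, padding to 8 bytes) and the names `store_array`, `stale_pad_bytes` and `demo` are assumptions made for illustration. It shows why zero-filling a scratch buffer only at allocation does not help once the buffer is reused.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed to round n up to a multiple of 8 (alignment is an assumption). */
#define PAD8(n) ((8 - ((size_t)(n) % 8)) % 8)

/* Hypothetical encoder: 4-byte length, payload, then padding.
 * zero_pad == 0 skips the padding; zero_pad != 0 stores zeros in it. */
static size_t store_array(uint8_t *buf, const char *data, uint32_t len, int zero_pad)
{
    uint8_t *p = buf;
    size_t pad = PAD8(4 + len);
    memcpy(p, &len, 4);   p += 4;
    memcpy(p, data, len); p += len;
    if (zero_pad)
        memset(p, 0, pad);            /* padding is written explicitly */
    p += pad;                         /* otherwise old bytes stay in place */
    return (size_t)(p - buf);
}

/* Count nonzero bytes in the padding of an encoded message. */
static size_t stale_pad_bytes(const uint8_t *buf, size_t total, uint32_t len)
{
    size_t n = 0;
    for (size_t i = 4 + (size_t)len; i < total; i++)
        n += (buf[i] != 0);
    return n;
}

/* Reuse one scratch buffer for a long message, then a short one. */
static size_t demo(int zero_pad)
{
    uint8_t scratch[64];
    const char first[] = "constructed-secret-value";  /* constructed sample */
    const char second[] = "id";                       /* constructed sample */
    memset(scratch, 0, sizeof scratch);   /* zero-fill at allocation only */
    store_array(scratch, first, (uint32_t)strlen(first), zero_pad);
    size_t total = store_array(scratch, second, (uint32_t)strlen(second), zero_pad);
    return stale_pad_bytes(scratch, total, (uint32_t)strlen(second));
}

int main(void)
{
    printf("skip padding: %zu stale bytes\n", demo(0));
    printf("zero padding: %zu stale bytes\n", demo(1));
    return 0;
}
```
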

Comment 1 Jeremy Huddleston Sequoia 2011-10-09 02:46:26 UTC
Could you please send your patch to xorg-devel for review?

Comment 3 Adam Jackson 2018-06-12 19:08:04 UTC
Mass closure: This bug has been untouched for more than six years, and is not obviously still valid. Please reopen this bug or file a new report if you continue to experience issues with current releases.
