Bug 651

Summary: REGION_INIT fails with NullBox
Product: xorg
Reporter: Tim Waugh <twaugh>
Component: Server/General
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED NOTABUG
Severity: normal
Priority: high
CC: mharris, roland.mainz
Version: 6.7.0
Hardware: x86 (IA32)
OS: Linux (All)

Description Tim Waugh 2004-05-21 03:14:23 UTC
I am trying to compile RealVNC 4.0beta5 against Xorg, and although I get an Xvnc
binary it segfaults on start.

The crash is in REGION_INIT(pScreen, reg, NullBox, 0) -- in VNC code -- although
in xc/program/Xserver/include/regionstr.h it appears that using NullBox here is
okay:

#ifndef REGION_NULL
#define REGION_NULL(_pScreen, _pReg) \
    REGION_INIT(_pScreen, _pReg, NullBox, 1)
#endif

However, REGION_INIT picks up this definition:

#define REGION_INIT(_pScreen, _pReg, _rect, _size) \
{ \
    REGION_SCREEN(_pScreen); \
    (_pReg)->extents = *(_rect); \
    (_pReg)->data = (RegDataPtr)NULL; \
}

and (NullBox being NULL) the dereference of _rect seems to be what's causing the
problem.

In XFree86-4.3.0 the REGION_INIT definition was:

#define REGION_INIT(_pScreen, _pReg, _rect, _size) \
{ \
    if (_rect) \
    { \
        (_pReg)->extents = *(_rect); \
        (_pReg)->data = (RegDataPtr)NULL; \
    } \
    else \
    { \
        (_pReg)->extents = miEmptyBox; \
        if (((_size) > 1) && ((_pReg)->data = \
                             (RegDataPtr)xalloc(REGION_SZOF(_size)))) \
        { \
            (_pReg)->data->size = (_size); \
            (_pReg)->data->numRects = 0; \
        } \
        else \
            (_pReg)->data = &miEmptyData; \
    } \
}

and so my question is: why don't we check whether _rect can be dereferenced any
more?  Is this a bug in REGION_INIT?
Comment 1 Egbert Eich 2004-05-27 22:58:24 UTC
REGION_NULL() should work as it is defined to

#define REGION_NULL(_pScreen, _pReg) \
{ \
    REGION_SCREEN(_pScreen); \
    (_pReg)->extents = miEmptyBox; \
    (_pReg)->data = &miEmptyData; \
}

whenever REGION_INIT() is defined to:

#define REGION_INIT(_pScreen, _pReg, _rect, _size) \
{ \
    REGION_SCREEN(_pScreen); \
    (_pReg)->extents = *(_rect); \
    (_pReg)->data = (RegDataPtr)NULL; \
}

In the VNC code you have to replace REGION_INIT(..NullBox..) with REGION_NULL()
however. I went through this once already. Maybe I should make my fixes publicly
available.
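The REGION_NULL-versus-REGION_INIT distinction described in this thread, as an added example that is not xorg or RealVNC code: minimal stand-ins for the region types and the two 6.7.0 macros quoted above, plus a hypothetical wrapper vnc_region_init that routes a NullBox to REGION_NULL at the call sites where the VNC code would otherwise dereference NULL. The struct layouts, the REGION_SCREEN no-op and the miEmptyBox/miEmptyData values are assumptions for the demo.

```c
#include <stddef.h>
/* Assumed minimal layouts mirroring the regionstr.h names (demo only). */
typedef struct { short x1, y1, x2, y2; } BoxRec, *BoxPtr;
typedef struct { long size; long numRects; } RegDataRec, *RegDataPtr;
typedef struct { BoxRec extents; RegDataPtr data; } RegionRec, *RegionPtr;
typedef void *ScreenPtr;

#define NullBox ((BoxPtr)0)
/* Stand-ins for the server globals of the same name (assumed values). */
static BoxRec     miEmptyBox  = { 0, 0, 0, 0 };
static RegDataRec miEmptyData = { 0, 0 };

/* No-op here; in the server it only records the screen. */
#define REGION_SCREEN(_pScreen) ((void)(_pScreen))
/* The 6.7.0 REGION_INIT quoted above: *(_rect) is unconditional, so NullBox crashes. */
#define REGION_INIT(_pScreen, _pReg, _rect, _size) \
{ \
    REGION_SCREEN(_pScreen); \
    (_pReg)->extents = *(_rect); \
    (_pReg)->data = (RegDataPtr)NULL; \
}

/* The 6.7.0 REGION_NULL quoted above: the intended empty-region initialiser. */
#define REGION_NULL(_pScreen, _pReg) \
{ \
    REGION_SCREEN(_pScreen); \
    (_pReg)->extents = miEmptyBox; \
    (_pReg)->data = &miEmptyData; \
}

/* Hypothetical drop-in for REGION_INIT(pScreen, reg, rect, size) at the VNC
 * call sites: a NULL rect goes to REGION_NULL, as XFree86 4.3's macro did internally. */
static void vnc_region_init(ScreenPtr pScreen, RegionPtr reg, BoxPtr rect, int size)
{
    (void)size;          /* the 6.7.0 REGION_INIT ignores _size as well */
    if (rect == NullBox)
        REGION_NULL(pScreen, reg)
    else
        REGION_INIT(pScreen, reg, rect, size)
}

/* 1 if reg is the canonical empty region that REGION_NULL produces. */
static int region_is_empty(const RegionRec *reg)
{
    return reg->data == &miEmptyData &&
           reg->extents.x1 == reg->extents.x2 &&
           reg->extents.y1 == reg->extents.y2;
}
```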
Comment 2 Tim Waugh 2004-05-27 23:32:18 UTC
Thanks.  I've figured out a patch and sent it to the VNC people.  Sorry for the
noise.
