This sequence of code in DMXAddScreen(): length = displayName ? strlen(displayName) : 0; paddedLength = (length + 3) & ~3; if (length) { char *buffer = Xmalloc(paddedLength); memset(buffer, 0, paddedLength); strcpy(buffer, displayName); } if displayName is a multiple of 4 the nul byte gets written past the end of the allocated buffer. This can cause crashes if it overwrites some heap memchunk accounting details. Attaching trivial patch
Created attachment 1441 [details] [review] [FIXED_X11R68x] patch
Created attachment 1442 [details] [review] [FIXED_X11R68x] patch for DMXAddInput() too Just noticed that DMXAddInput() has the same issue
Mark, good find. Thanks for the patch. I will take care of committing it to CVS. Roland, it is not necessary to add me to DMX bugs as I'm on the dmx-bugs alias.
Comment on attachment 1441 [details] [review] [FIXED_X11R68x] patch Trivial fix Patch tested and applied to HEAD
Comment on attachment 1442 [details] [review] [FIXED_X11R68x] patch for DMXAddInput() too Trivial fix Patch tested and applied to HEAD
Patches have been checked into HEAD and nominated for inclusion in 6.8.2 Mark, thanks again for the patches. Closing.
Comment on attachment 1441 [details] [review] [FIXED_X11R68x] patch Approval for X11R6.8.x stable branch granted in the 2004-12-08 release-wranglers phone call. Please don't commit, I'll do that myself...
Comment on attachment 1442 [details] [review] [FIXED_X11R68x] patch for DMXAddInput() too Approval for X11R6.8.x stable branch granted in the 2004-12-08 release-wranglers phone call. Please don't commit, I'll do that myself...
Comment on attachment 1441 [details] [review] [FIXED_X11R68x] patch Patch checked-in into X11R6.8.x stable branch... /cvs/xorg/xc/ChangeLog,v <-- ChangeLog new revision: 1.365.2.19; previous revision: 1.365.2.18 cvs commit: Using deprecated info format strings. Convert your scripts to use the new argument format and remove '1's from your info file format strings. /cvs/xorg/xc/lib/dmx/dmx.c,v <-- dmx.c new revision: 1.1.4.1; previous revision: 1.1 cvs commit: Using deprecated info format strings. Convert your scripts to use the new argument format and remove '1's from your info file format strings. Mailing the commit message to xorg-commit@lists.freedesktop.org...
Comment on attachment 1442 [details] [review] [FIXED_X11R68x] patch for DMXAddInput() too Patch checked-in into the X11R6.8.x stable branch: /cvs/xorg/xc/ChangeLog,v <-- ChangeLog new revision: 1.365.2.20; previous revision: 1.365.2.19 cvs commit: Using deprecated info format strings. Convert your scripts to use the new argument format and remove '1's from your info file format strings. /cvs/xorg/xc/lib/dmx/dmx.c,v <-- dmx.c new revision: 1.1.4.2; previous revision: 1.1.4.1 cvs commit: Using deprecated info format strings. Convert your scripts to use the new argument format and remove '1's from your info file format strings. Mailing the commit message to xorg-commit@lists.freedesktop.org...
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.