I fell in a case where in xcb_icccm_get_wm_class_from_reply, the reply was empty, i.e., in following snippet from icccm.c, len was 0, and reply->length was 0 also. int len = xcb_get_property_value_length(prop->_reply); if(len < reply->length * 4) prop->instance_name[len] = 0; else prop->instance_name[len-1] = 0; in this case, prop->instance_name[-1] is set to 0, and the following strlen(prop->instance_name) may access invalid memory. This may be reproduced under openbox window manager, under which there is this window triggering the bug : If xwininfo is compiled without icccm : ./xwininfo -tree -root | grep Openbox 0xe0008b "Openbox": ("" (none)) 1x1+-100+-100 +-100+-100 If xwininfo is compiled with icccm : ./xwininfo -tree -root | grep Openbox 0xe0008b "Openbox": ("" "") 1x1+-100+-100 +-100+-100 The second case triggers the Invalid memory access
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/lib/libxcb-cursor/issues/1.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.