Bug 9526 - Length field in create gradient requests is not set correctly
Summary: Length field in create gradient requests is not set correctly
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xrender
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: high major
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Reported: 2007-01-03 06:16 UTC by David Reveman
Modified: 2007-08-21 11:56 UTC



Attachments
Properly set length field in gradient requests (1.99 KB, patch)
2007-01-03 06:19 UTC, David Reveman

Description David Reveman 2007-01-03 06:16:58 UTC
XRenderCreateLinearGradient, XRenderCreateRadialGradient and
XRenderCreateConicalGradient functions in Picture.c add the color stop length
after adding the color stop data. If the color stop data exceeds the output
buffer, the request will be sent to the server with an incorrect length field.
Simply adding the color stop length before sending the color stop data will fix
this issue.

This bug affects any client using gradient pictures. Clients that use a version
of libXrender without this fixed can work around the issue by flushing the output
buffer just before creating a gradient picture.

The current code is also not handling the case where the number of color stops
is so great that a "Big Request" is required. Using SetReqLen to set the length
field instead of manually incrementing it will take care of this.

I'm attaching a patch that will fix both issues. Can I commit this patch and
increment the version number to 0.9.3?
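
The ordering problem described above, as an added example that is not part of the original report and is not libXrender code: a toy output buffer in which appended data that does not fit causes the buffered header to be sent immediately. The buffer size, the two-word header layout and all function names are assumptions made for the illustration; Big Requests are not modelled.

```c
/* Added illustration: toy model of an Xlib-style output buffer, not libXrender code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_WORDS 16       /* tiny output buffer (64 bytes), constructed */
#define HDR_WORDS 2        /* hypothetical header: word 1 is the length field */
#define MAX_STOP_WORDS 64
static uint32_t outbuf[BUF_WORDS], wire[HDR_WORDS + MAX_STOP_WORDS];
static size_t out_used, wire_used;   /* counted in 4-byte units */

static void flush_out(void) {        /* send whatever is buffered */
    memcpy(wire + wire_used, outbuf, out_used * 4);
    wire_used += out_used;
    out_used = 0;
}

static uint32_t *get_req(void) {     /* reserve a header in the buffer */
    uint32_t *req = outbuf + out_used;
    req[1] = HDR_WORDS;              /* length of the fixed part only */
    out_used += HDR_WORDS;
    return req;
}

static void send_data(const uint32_t *p, size_t n) {
    if (out_used + n > BUF_WORDS) {  /* does not fit: header is sent now */
        flush_out();
        memcpy(wire + wire_used, p, n * 4);
        wire_used += n;
    } else {
        memcpy(outbuf + out_used, p, n * 4);
        out_used += n;
    }
}

/* Length field the server reads for a request carrying n words of stop data. */
unsigned gradient_wire_length(size_t n, int length_first) {
    static const uint32_t stops[MAX_STOP_WORDS];  /* constructed, all zero */
    if (n > MAX_STOP_WORDS) n = MAX_STOP_WORDS;
    out_used = wire_used = 0;
    uint32_t *req = get_req();
    if (length_first) req[1] += (uint32_t)n;   /* order the report proposes */
    send_data(stops, n);
    if (!length_first) req[1] += (uint32_t)n;  /* reported order: header may be sent */
    flush_out();
    return wire[1];
}

int main(void) {
    printf("old: %u, fixed: %u\n", gradient_wire_length(20, 0), gradient_wire_length(20, 1));
}
```

With the old ordering the server sees a length that covers only the header once the stop data overflows the buffer, so it would parse the trailing stop data as the start of the next request.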
Comment 1 David Reveman 2007-01-03 06:19:37 UTC
Created attachment 8281
Properly set length field in gradient requests
Comment 2 Daniel Stone 2007-02-27 01:35:28 UTC
Sorry about the phenomenal bug spam, guys.  Adding xorg-team@ to the QA contact so bugs don't get lost in future.
Comment 3 Kristian Høgsberg 2007-08-15 10:53:57 UTC
David, looks like the right fix to me, please apply and make a 0.9.3 release.
Comment 4 David Reveman 2007-08-21 11:56:41 UTC
done.