
c_client: Fix crash in xcb_randr_set_monitor

Take into account c_need_sizeof when evaluating xcb_protocol_request_t.count

Incorrect xcb_protocol_request_t.count causes a segmentation fault when calling functions:

  • xcb_randr_set_monitor{_checked}
  • xcb_input_change_feedback_control{_checked}
  • xcb_input_change_device_control{_unchecked}

Steps to reproduce: Call xcb_randr_set_monitor() with valid arguments

OBSERVED RESULT Segmentation fault

Process terminating with default action of signal 11 (SIGSEGV)
  Access not within mapped region at address 0x780
    at 0x4852925: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x486967C: memcpy (string_fortified.h:29)
    by 0x486967C: send_request (xcb_out.c:59)
    by 0x486967C: send_request (xcb_out.c:46)
    by 0x486967C: xcb_send_request_with_fds64 (xcb_out.c:338)
    by 0x48699FC: xcb_send_request (xcb_out.c:359)
    by 0x4891F11: xcb_randr_set_monitor_checked (randr.c:5350)

EXPECTED RESULT Function returns cookie

Amend: 77b594f9

Signed-off-by: Ilya Pominov <ipominov@astralinux.ru>
