Bugs regarding the allocation of XResClientIdValue::value in ReadClientValues, which is used in XResQueryClientIds
This is about these two lines of code: https://gitlab.freedesktop.org/xorg/lib/libxres/-/blob/97d312e5fd9b4b97e3f50c899a40325768f246a5/src/XRes.c#L258-259
I think there isn't enough memory allocated for the _XRead32. If I understand that function correctly, while it reads the number of bytes specified, it returns/writes one long for every 32 bits of data. On a 64-bit system, a long is usually 8 bytes big. The memory allocated is only the number of bytes read, not the amount of space the long values would need. This causes twice as much memory to be overwritten as was allocated on a 64-bit system.
Another thing which seems odd to me about this is that the memory is allocated there, and not in XResQueryClientIds as part of the memory allocated for the client_ids. Is the caller of XResQueryClientIds really supposed to free all these values by himself?
And the last thing I wonder about: why is XResClientIdValue::value of type void*, shouldn't it be of type long*?
According to the spec here: https://www.x.org/releases/X11R7.7/doc/resourceproto/resproto.txt
It says client_ids: LISTofCLIENTIDVALUE
and
CLIENTIDVALUE [ spec: CLIENTIDSPEC
length: CARD32
value: LISTofCARD32 ]
And I think CARD32 seems to usually be translated to a long in the library's other data structures?
(Closed previous identical issue 2 which I marked as confidential because no one responded to it in over a month and I can't unmark it anymore.)
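The size mismatch described in this report, as an added example (not libxres or Xlib code, and not from the reporter): `read32_widen` is a hypothetical stand-in for the widening behaviour the report attributes to `_XRead32`, and `read_value` is a hypothetical helper that sizes the buffer by word count instead of by wire length. The wire data is constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the destination needs when each 32-bit wire word becomes one long. */
size_t widened_size(size_t wire_bytes)
{
    return (wire_bytes / 4) * sizeof(long);
}

/* Hypothetical stand-in for the widening read: consumes wire_bytes of
 * CARD32 data and stores one long per word. Returns bytes written to dst. */
size_t read32_widen(const unsigned char *wire, long *dst, size_t wire_bytes)
{
    size_t n = wire_bytes / 4;
    for (size_t i = 0; i < n; i++) {
        int32_t word;
        memcpy(&word, wire + 4 * i, sizeof word);
        dst[i] = word;
    }
    return n * sizeof(long);
}

/* Allocate by word count, not by wire length. Returns NULL when the length
 * is not a multiple of 4, when the size would overflow, or on OOM. */
long *read_value(const unsigned char *wire, size_t wire_bytes, size_t *words)
{
    size_t n = wire_bytes / 4;
    if (wire_bytes % 4 != 0 || n > SIZE_MAX / sizeof(long))
        return NULL;
    long *value = calloc(n ? n : 1, sizeof(long));
    if (value == NULL)
        return NULL;
    read32_widen(wire, value, wire_bytes);
    *words = n;
    return value;
}

int main(void)
{
    size_t wire_bytes = 12; /* constructed: three CARD32 words on the wire */
    printf("wire length: %zu bytes, buffer needed: %zu bytes\n",
           wire_bytes, widened_size(wire_bytes));
    return 0;
}
```

Where `long` is 8 bytes, the program reports 24 bytes needed for 12 bytes of wire data, which is the factor of two the report describes.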