Xrandr queries cause invalid memory access in X server 1.12.1
Submitted by Michal Suchanek
Assigned to Xorg Project Team
Description
Just running the xrandr utility:
==19803== Syscall param writev(vector[...]) points to uninitialised byte(s)
==19803==    at 0x6517A3B: writev (writev.c:51)
==19803==    by 0x297B5B: _XSERVTransSocketWritev (Xtranssock.c:2153)
==19803==    by 0x2932E4: FlushClient (io.c:890)
==19803==    by 0x293B38: FlushAllOutput (io.c:640)
==19803==    by 0x15A921: Dispatch (dispatch.c:447)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0xcd9d6e1 is 1 bytes inside a block of size 4,096 alloc'd
==19803==    at 0x4027034: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x2939A0: WriteToClient (io.c:1015)
==19803==    by 0x15A6C8: ProcEstablishConnection (dispatch.c:3577)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Uninitialised value was created by a heap allocation
==19803==    at 0x402894D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x21817B: ProcRenderQueryFilters (render.c:1691)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==
Changing screen layout:
==19803== Invalid read of size 1
==19803==    at 0x4029590: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x8C6D68F: drmmode_set_mode_major (drmmode_display.c:172)
==19803==    by 0x8C6DB45: drmmode_xf86crtc_resize (drmmode_display.c:1398)
==19803==    by 0x1D48EF: xf86RandR12ScreenSetSize (xf86RandR12.c:691)
==19803==    by 0x208DD0: ProcRRSetScreenSize (rrscreen.c:283)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0x7518690 is 0 bytes inside a block of size 10 free'd
==19803==    at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x1A9454: xf86DeleteMode (xf86Mode.c:2004)
==19803==    by 0x1CA537: xf86ProbeOutputModes (xf86Crtc.c:1529)
==19803==    by 0x1D37B3: xf86RandR12GetInfo12 (xf86RandR12.c:1517)
==19803==    by 0x203CAC: RRGetInfo (rrinfo.c:195)
==19803==    by 0x7F4256B: glxDRIEnterVT (glxdri2.c:601)
==19803==    by 0x1974B7: xf86Wakeup (xf86Events.c:527)
==19803==    by 0x15E99A: WakeupHandler (dixutils.c:421)
==19803==    by 0x28D975: WaitForSomething (WaitFor.c:224)
==19803==    by 0x15A7C1: Dispatch (dispatch.c:357)
==19803==    by 0x149A19: main (main.c:288)
==19803==
==19803== Invalid read of size 1
==19803==    at 0x40295A8: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x8C6D68F: drmmode_set_mode_major (drmmode_display.c:172)
==19803==    by 0x8C6DB45: drmmode_xf86crtc_resize (drmmode_display.c:1398)
==19803==    by 0x1D48EF: xf86RandR12ScreenSetSize (xf86RandR12.c:691)
==19803==    by 0x208DD0: ProcRRSetScreenSize (rrscreen.c:283)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0x7518691 is 1 bytes inside a block of size 10 free'd
==19803==    at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x1A9454: xf86DeleteMode (xf86Mode.c:2004)
==19803==    by 0x1CA537: xf86ProbeOutputModes (xf86Crtc.c:1529)
==19803==    by 0x1D37B3: xf86RandR12GetInfo12 (xf86RandR12.c:1517)
==19803==    by 0x203CAC: RRGetInfo (rrinfo.c:195)
==19803==    by 0x7F4256B: glxDRIEnterVT (glxdri2.c:601)
==19803==    by 0x1974B7: xf86Wakeup (xf86Events.c:527)
==19803==    by 0x15E99A: WakeupHandler (dixutils.c:421)
==19803==    by 0x28D975: WaitForSomething (WaitFor.c:224)
==19803==    by 0x15A7C1: Dispatch (dispatch.c:357)
==19803==    by 0x149A19: main (main.c:288)
==19803==
Version: 7.7 (2012.06)