This request installs hooks that keep sending replies even after the
request handler has finished. Each reply accesses the input buffer. If
we let the buffer be shared, we will eventually read garbage or
even read from freed memory.

Signed-off-by: Rami Ylimäki <rami.ylim...@vincit.fi>
Reviewed-by: Erkki Seppälä <erkki.sepp...@vincit.fi>
---
 record/record.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/record/record.c b/record/record.c
index 5cae2b9..f0bfed7 100644
--- a/record/record.c
+++ b/record/record.c
@@ -44,6 +44,7 @@ and Jim Haggerty of Metheus.
 #include "inputstr.h"
 #include "eventconvert.h"
 #include "scrnintstr.h"
+#include "os.h"
 
 
 #include <stdio.h>
@@ -2423,6 +2424,12 @@ ProcRecordEnableContext(ClientPtr client)
     /* send StartOfData */
     RecordAProtocolElement(pContext, NULL, XRecordStartOfData, NULL, 0, 0, 0);
     RecordFlushReplyBuffer(pContext, NULL, 0, NULL, 0);
+
+    /* We need to still access the client input buffer as we keep
+     * sending replies to this request even after the request has
+     * been technically completed. */
+    ReserveClientInput(client);
+
     return Success;
 } /* ProcRecordEnableContext */
 
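Review bot: The reservation taken by `ReserveClientInput(client)` at the end of ProcRecordEnableContext has no matching release anywhere in this patch (the diffstat lists only these seven insertions in record/record.c), so nothing here shows when the input buffer stops being held once the context is disabled or the client disconnects. If a release exists elsewhere, the new comment should name it, for example `/* Reserved until the context is disabled; released in <release site>. */`. If none exists, the buffer presumably stays reserved for the rest of the client's lifetime, which is worth stating explicitly. The function body starts outside the hunk, so it cannot be checked from here whether the hooks that read the buffer can be installed on a path that returns before this call.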
-- 
1.7.1
