Keith Packard wrote: > Around 17 o'clock on Nov 2, Christopher Blizzard wrote: > > >>Attached is a test case for the client library that always exits on my >>machine. Sometimes it gets a SIGPIPE, sometimes it gets a real X error >>but most of the time that it does get a real X error it has a random >>request_code. >> >>Yes, what the code does is insane ( huge strings like this don't usually >>happen in real life ) but it's still something that should probably be >>fixed. >> > > I see several possible "fixes": > > 1) Require that applications bounds check their text requests > 2) Make Xlib check and *truncate* the request (not reasonable) > 3) Use BIG-REQUESTS (but doesn't solve problem). > > Which would you like to use? > > [EMAIL PROTECTED] XFree86 Core Team SuSE, Inc. > >
I'm definitely slapping a bounds check around the call in Mozilla, limiting it to 32k since that's the largest possible string drawing that could take place. Also, Mozilla has to run on as a client on systems where I'm sure this isn't fixed. And, as Jim pointed out to me, the fact that we try to stuff that much data down the pipe in order to draw on a 200x200 window is, well, dumb. It would be good if you guys went through and looked at that code, though. If you can generate bad bits on the wire through an abusive, yet still legal use of the api, it probably needs to be fixed. --Chris -- ------------ Christopher Blizzard http://www.0xdeadbeef.com/ Fatty, you with your thick face have hurt my instep. ------------ _______________________________________________ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
