c_client: Fix crash in xcb_randr_set_monitor
Take into account c_need_sizeof when evaluating
xcb_protocol_request_t.count
Incorrect xcb_protocol_request_t.count causes a segmentation fault when
calling functions:
- xcb_randr_set_monitor{_checked}
- xcb_input_change_feedback_control{_checked}
- xcb_input_change_device_control{_unchecked}
Steps to reproduce:
Call xcb_randr_set_monitor() with valid arguments
OBSERVED RESULT
Segmentation fault
```
Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x780
at 0x4852925: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-
amd64-linux.so)
by 0x486967C: memcpy (string_fortified.h:29)
by 0x486967C: send_request (xcb_out.c:59)
by 0x486967C: send_request (xcb_out.c:46)
by 0x486967C: xcb_send_request_with_fds64 (xcb_out.c:338)
by 0x48699FC: xcb_send_request (xcb_out.c:359)
by 0x4891F11: xcb_randr_set_monitor_checked (randr.c:5350)
```
EXPECTED RESULT
Function returns cookie
Amend: 77b594f958
Signed-off-by: Ilya Pominov <ipominov@astralinux.ru>
This commit is contained in:
Ilya Pominov
parent
8935793f1f
commit
038636786a
|
|
@ -2340,7 +2340,7 @@ def _c_request_helper(self, name, void, regular, aux=False, reply_fds=False):
|
|||
for field in param_fields:
|
||||
if not field.type.fixed_size() and field.wire:
|
||||
count = count + 2
|
||||
if field.type.c_need_serialize:
|
||||
if field.type.c_need_serialize or field.type.c_need_sizeof:
|
||||
# _serialize() keeps track of padding automatically
|
||||
count -= 1
|
||||
dimension = count + 2
|
||||
|
|
|
|||
Loading…
Reference in New Issue