From 437c78ef9ff1177e04b3d6781b5805d89b2ab81a Mon Sep 17 00:00:00 2001
From: Dodji Seketeli <dodji@seketeli.org>
Date: Thu, 21 Feb 2008 15:29:27 +0100
Subject: [PATCH] [Xephyr/GL] don't crash when the host returns a NULL server
 string

---
 hw/kdrive/ephyr/ephyrglxext.c  | 14 ++++++++++++--
 hw/kdrive/ephyr/ephyrhostglx.c |  9 +++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/hw/kdrive/ephyr/ephyrglxext.c b/hw/kdrive/ephyr/ephyrglxext.c
index 381c9d7ed..43a634d24 100644
--- a/hw/kdrive/ephyr/ephyrglxext.c
+++ b/hw/kdrive/ephyr/ephyrglxext.c
@@ -362,7 +362,7 @@ ephyrGLXQueryServerString(__GLXclientState *a_cl, GLbyte *a_pc)
     ClientPtr client = a_cl->client;
     xGLXQueryServerStringReq *req = (xGLXQueryServerStringReq *) a_pc;
     xGLXQueryServerStringReply reply;
-    char *server_string=NULL ;
+    char *server_string=NULL, *buf=NULL;
     int length=0 ;
 
     EPHYR_LOG ("enter\n") ;
@@ -379,9 +379,15 @@ ephyrGLXQueryServerString(__GLXclientState *a_cl, GLbyte *a_pc)
     reply.sequenceNumber = client->sequence ;
     reply.length = __GLX_PAD (length) >> 2 ;
     reply.n = length ;
+    buf = xcalloc (reply.length << 2, 1);
+    if (!buf) {
+        EPHYR_LOG_ERROR ("failed to allocate string\n;");
+        return BadAlloc;
+    }
+    memcpy (buf, server_string, length);
 
     WriteToClient(client, sz_xGLXQueryServerStringReply, (char*)&reply);
-    WriteToClient(client, (int)length, server_string);
+    WriteToClient(client, (int)(reply.length << 2), server_string);
 
     res = Success ;
 
@@ -391,6 +397,10 @@ out:
         xfree (server_string) ;
         server_string = NULL;
     }
+    if (buf) {
+        xfree (buf);
+        buf = NULL;
+    }
     return res ;
 }
 
diff --git a/hw/kdrive/ephyr/ephyrhostglx.c b/hw/kdrive/ephyr/ephyrhostglx.c
index 5d9a482e8..f5db5be16 100644
--- a/hw/kdrive/ephyr/ephyrhostglx.c
+++ b/hw/kdrive/ephyr/ephyrhostglx.c
@@ -151,6 +151,7 @@ ephyrHostGLXGetStringFromServer (int a_screen_number,
 {
     Bool is_ok=FALSE ;
     Display *dpy = hostx_get_display () ;
+    int default_screen = DefaultScreen (dpy);
     xGLXGenericGetStringReq *req=NULL;
     xGLXSingleReply reply;
     int length=0, numbytes=0, major_opcode=0, get_string_op=0;
@@ -188,13 +189,17 @@ ephyrHostGLXGetStringFromServer (int a_screen_number,
     GetReq (GLXGenericGetString, req);
     req->reqType = major_opcode;
     req->glxCode = get_string_op;
-    req->for_whom = DefaultScreen (dpy);
+    req->for_whom = default_screen;
     req->name = a_string_name;
 
     _XReply (dpy, (xReply *)&reply, 0, False);
 
     length = reply.length * 4;
-    numbytes = reply.size;
+    if (!length) {
+        numbytes = 0;
+    } else {
+        numbytes = reply.size;
+    }
     EPHYR_LOG ("going to get a string of size:%d\n", numbytes) ;
 
     *a_string = (char *) Xmalloc (numbytes +1);