package: nx-libs
version: head
In nx-libs/nx-X11/extras/Mesa/src/glx/x11/glxextensions.c the length of the zeroed memory is the length of the pointer (4 bytes in case of a 32-bit system), not the length of the data the pointer points to (8 bytes).
    static void
    __glXProcessServerString( const struct extension_info * ext,
                              const char * server_string,
                              unsigned char * server_support )
    {
        unsigned  base;
        unsigned  len;

        (void) memset( server_support, 0, sizeof( server_support ) );
Furthermore the length of the memory area pointed to by server_support is defined in varying ways in the coding:
    #define __GL_EXT_BYTES ((__NUM_GL_EXTS + 7) / 8)

    unsigned char server_support[ __GL_EXT_BYTES ];
    unsigned char server_support[8];
Currently __NUM_GL_EXTS = 123, so __GL_EXT_BYTES = 8.
What is expected to happen if __GL_EXT_BYTES > 8 after defining six more values in the unamed (sic!) enum with the different bits?
This questionable code was identified with cppcheck. http://cppcheck.sourceforge.net/
Best regards
Heinrich Schuchardt
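
The effect described in the report above, as an added example that is not part of the original message and is not nx-libs code. The names NUM_EXTS, EXT_BYTES, clear_buggy, clear_fixed, stale_bits and stale_after are hypothetical, and the count of 129 extensions is constructed to model the "six more values" case in which the bitmap no longer fits in 8 bytes:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed values: 129 bits models the "six more extensions" case. */
#define NUM_EXTS  129
#define EXT_BYTES ((NUM_EXTS + 7) / 8)   /* 17 bytes */

/* Pattern from the report: sizeof applied to a pointer parameter.
 * The warning is silenced only so the pattern compiles cleanly here. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsizeof-pointer-memaccess"
static void clear_buggy(unsigned char *support)
{
    memset(support, 0, sizeof(support));   /* sizeof(unsigned char *) */
}
#pragma GCC diagnostic pop

/* Hardened form: the caller passes the real length of the bitmap. */
static void clear_fixed(unsigned char *support, size_t len)
{
    memset(support, 0, len);
}

/* Count bits still set, i.e. extensions that would look "supported". */
static size_t stale_bits(const unsigned char *support, size_t len)
{
    size_t bits = 0;
    for (size_t i = 0; i < len; i++)
        for (unsigned b = 0; b < 8; b++)
            bits += (support[i] >> b) & 1u;
    return bits;
}

static size_t stale_after(int use_fixed)
{
    unsigned char support[EXT_BYTES];
    memset(support, 0xFF, sizeof(support)); /* array type: all 17 bytes */
    if (use_fixed)
        clear_fixed(support, sizeof(support));
    else
        clear_buggy(support);
    return stale_bits(support, sizeof(support));
}

int main(void)
{
    printf("buggy: %zu, fixed: %zu\n", stale_after(0), stale_after(1));
    return 0;
}
```

On a 64-bit build the pointer is 8 bytes, which happens to equal the current bitmap size, so the pattern is only visible once the bitmap grows or the code is built for 32 bits.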
Hi Heinrich,
On Fr 30 Jan 2015 20:29:51 CET, Heinrich Schuchardt wrote:
> package: nx-libs
> version: head
>
> In nx-libs/nx-X11/extras/Mesa/src/glx/x11/glxextensions.c the length of the zeroed memory is the length of the pointer (4 bytes in case of a 32-bit system), not the length of the data the pointer points to (8 bytes).
>
>     static void
>     __glXProcessServerString( const struct extension_info * ext,
>                               const char * server_string,
>                               unsigned char * server_support )
>     {
>         unsigned  base;
>         unsigned  len;
>
>         (void) memset( server_support, 0, sizeof( server_support ) );
>
> Furthermore the length of the memory area pointed to by server_support is defined in varying ways in the coding:
>
>     #define __GL_EXT_BYTES ((__NUM_GL_EXTS + 7) / 8)
>
>     unsigned char server_support[ __GL_EXT_BYTES ];
>     unsigned char server_support[8];
>
> Currently __NUM_GL_EXTS = 123, so __GL_EXT_BYTES = 8.
>
> What is expected to happen if __GL_EXT_BYTES > 8 after defining six more values in the unamed (sic!) enum with the different bits?
>
> This questionable code was identified with cppcheck. http://cppcheck.sourceforge.net/
>
> Best regards
> Heinrich Schuchardt

Now that you have analyzed it, do you see a chance for coming up with a patch?
THANKS+GREETS, Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Processing control commands:
tag -1 not-a-bug
Bug #776 [nx-libs] nx-X11: Size of pointer 'server_support' used instead of size of its data
Added tag(s) not-a-bug.
close -1
Bug #776 [nx-libs] nx-X11: Size of pointer 'server_support' used instead of size of its data
Marked Bug as done
--
776: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=776
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
Processing control commands:
tag -1 not-a-bug
Bug #776 {Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>} [nx-libs] nx-X11: Size of pointer 'server_support' used instead of size of its data
Ignoring request to alter tags of bug #776 to the same tags previously set
close -1
Bug #776 {Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>} [nx-libs] nx-X11: Size of pointer 'server_support' used instead of size of its data
Bug 776 is already marked as done; not doing anything.
--
776: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=776
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems