Hello!
There is a time wraparound bug in the TimerSet function in
Xserver/os/WaitFor.c. If a timeout handler calls TimerSet to set a new
timeout which is after the next milliseconds wraparound, the TimerSet
function immediately calls the timer callback function again, which will
typically lead to infinite recursion and an X server crash.
The problem is the test
millis <= now
which is not wraparound safe. All other code in that file uses the
wraparound safe version
(int) (millis - now) <= 0
I found this bug in 4.2.0 while working on the Synaptics touchpad input
driver, but the code looks the same in 4.3.0 and current CVS. The patch
below fixes this problem.
*** xc/programs/Xserver/os/WaitFor.c.old Mon Jun 23 01:10:26 2003
--- xc/programs/Xserver/os/WaitFor.c Mon Jun 23 01:11:17 2003
***************
*** 567,573 ****
timer->expires = millis;
timer->callback = func;
timer->arg = arg;
! if (millis <= now)
{
timer->next = NULL;
millis = (*timer->callback)(timer, now, timer->arg);
--- 567,573 ----
timer->expires = millis;
timer->callback = func;
timer->arg = arg;
! if ((int) (millis - now) <= 0)
{
timer->next = NULL;
millis = (*timer->callback)(timer, now, timer->arg);
--
Peter Osterlund - [EMAIL PROTECTED]
http://w1.894.telia.com/~u89404340
_______________________________________________
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
