Peter Hutterer wrote: > On Mon, Apr 20, 2009 at 03:41:34PM +0200, Simon Thum wrote: >> Julien Cristau wrote: >>> One thing I'm wondering is if I should be more paranoid and also check >>> that format is 32 when type is FLOAT or ATOM. >> I'd say if the server does 'enforce' it, that's enough. We depend on a >> sane server anyway :) > > In regards to properties, the server doesn't really enforce anything. > properties are a storage mechanism and the X server will happily store > anything you tell it to. > > The only exception are those properties handled in the server/driver because > the handlers will usually check for sanity. This doesn't apply to user-defined > properties however. Ah OK, I haven't had those in mind. However, if it's important enough to do some checking, why not do it in the server + let clients be permissive? My thinking goes like: unenforced solution -> breakage in some client -> CVE-2011-0815
Cheers, Simon _______________________________________________ xorg-devel mailing list [email protected] http://lists.x.org/mailman/listinfo/xorg-devel
