This request installs hooks that keep sending replies even after the request handler has finished. Each reply accesses the input buffer. If we let the buffer to be shared, we will eventually read garbage or even from freed memory.
Signed-off-by: Rami Ylimäki <[email protected]> Reviewed-by: Erkki Seppälä <[email protected]> --- record/record.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/record/record.c b/record/record.c index 5cae2b9..f0bfed7 100644 --- a/record/record.c +++ b/record/record.c @@ -44,6 +44,7 @@ and Jim Haggerty of Metheus. #include "inputstr.h" #include "eventconvert.h" #include "scrnintstr.h" +#include "os.h" #include <stdio.h> @@ -2423,6 +2424,12 @@ ProcRecordEnableContext(ClientPtr client) /* send StartOfData */ RecordAProtocolElement(pContext, NULL, XRecordStartOfData, NULL, 0, 0, 0); RecordFlushReplyBuffer(pContext, NULL, 0, NULL, 0); + + /* We need to still access the client input buffer as we keep + * sending replies to this request even after the request has + * been technically completed. */ + ReserveClientInput(client); + return Success; } /* ProcRecordEnableContext */ -- 1.7.1 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
