On 2015-01-21 15:21, Ian Romanick wrote: > On 01/20/2015 05:57 PM, Peter Harris wrote: >> Found by -fsanitize=address >> >> Signed-off-by: Peter Harris <phar...@opentext.com> >> --- >> xts5/src/libproto/ShowSup.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/xts5/src/libproto/ShowSup.c b/xts5/src/libproto/ShowSup.c >> index a05ff7d..b8ba796 100644 >> --- a/xts5/src/libproto/ShowSup.c >> +++ b/xts5/src/libproto/ShowSup.c >> @@ -581,7 +581,7 @@ int format; >> int i; >> >> if (nval > 0) { >> - valuePtr = (CARD32 *) ((CARD32 *) rp + size); >> + valuePtr = (CARD32 *) ((CARD8 *) rp + size); > > The original code seems so bogus that the error must be trivially > observable. How did this remain undetected for so long? It was in the > initial import in February 2005... 10 years ago!
The values are thrown away unless you set XT_DEBUG >= 2 (the default is 0), so the fact that it's trying to print garbage isn't likely to be noticed. You really need -fsanitize=address (or valgrind or efence or similar) to trap on the bogus memory read. I never would have noticed if I hadn't been playing with -fsanitize=address to try to find the bug fixed by patch 2/2. (it didn't help; -fsanitize=address changed xtest enough that it stopped triggering the bug in my server) > As a side note... I'm impressed that ajax hasn't kill every bit of > pre-C89 code from git.freedesktop.org. :) :) Peter Harris -- Open Text Connectivity Solutions Group Peter Harris http://connectivity.opentext.com/ Research and Development Phone: +1 905 762 6001 phar...@opentext.com Toll Free: 1 877 359 4866 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel