The original issue should be fixed by Keith's commit yesterday:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/a3c0b5dbd6b
I also put in a commit yesterday to prevent some potential use-after-free
issues found by our static analyzer:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/103e2e11519
If we wait until libX11 is completely bug free, we'll never ship a release.
Shipping 1.7.0 doesn't mean we stop work - these could continue to be
investigated for 1.7.1 while users get a significant set of bug fixes and
improvements in 1.7.0.
-alan-
On 11/19/20 8:32 AM, Walter Harms wrote:
I would ask to wait before releasing a new version.
Actually I had no time to check that, maybe they are all fixed now.
NTL we should investigate and fix.
btw: gcc has some warnings for xts also
Vittorio Zecca reported that xts5 finds some more issues.
SUMMARY: AddressSanitizer: heap-use-after-free
/home/vitti/rpmbuil/SOURCES/libX11-1.6.12/src/DrPoint.c:47 in XDrawPoint
SUMMARY: AddressSanitizer: heap-use-after-free
/home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/SetClMask.c:40 in XSetClipMask
SUMMARY: AddressSanitizer: heap-use-after-free
/home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/CrGC.c:339 in XFlushGC
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/vitti/libasan.so+0x39dd2) in __interceptor_memcpy
SUMMARY: AddressSanitizer: double-free (/home/vitti/libasan.so+0xab0c7) in
__interceptor_free
SUMMARY: AddressSanitizer: heap-use-after-free
/home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/DrLine.c:50 in XDrawLine
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/vitti/libasan.so+0x589c2) in __interceptor_strncpy
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/vitti/libasan.so+0x39dd2) in __interceptor_memcpy
SUMMARY: AddressSanitizer: heap-buffer-overflow
(/home/vitti/libasan.so+0x39dd2) in __interceptor_memcpy
SUMMARY: AddressSanitizer: heap-use-after-free
/home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/DrLine.c:50 in XDrawLine
SUMMARY: AddressSanitizer: heap-use-after-free
/home/vitti/rpmbuild/SOURCES/libX11-1.6.12/src/QuExt.c:43 in XQueryExtension
________________________________________
From: Keith Packard <[email protected]>
Sent: Tuesday, 17 November 2020 03:11
To: Alan Coopersmith; Walter Harms; Matthieu Herrb;
[email protected]
Cc: Vittorio Zecca
Subject: Re: AW: Preparing for libX11 1.7.0
Alan Coopersmith <[email protected]> writes:
https://lists.x.org/archives/xorg/2020-November/060510.html
I've reviewed this message and believe that this issue has already been
fixed on Xlib master -- Jacek Caban provided a set of fixes over three
years ago which have been merged along with some small additional work I
did as well:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/56
This series gives up on ever freeing locale information due to Xlib API
design issues, so it's likely to avoid accessing something after it has
been freed.
--
-keith
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/alanc
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel