Hello all When a client send a bigrequest with length being set to 0, the X server sometimes doesn't return BadLength. In xc/programs/Xserer/os/io.c, if the length is 0, then client->req_len is set to 0xFFFFFFFF after it move the header. Some processor of the request only check for REQUEST_AT_LEAST_SIZE(...), for example ProcNoOperation. Then the client will not received a BadLength error. It may be better for ReadRequestFromClient() to set client->req_len according to the bad request length so that BadLength can be returned. ReadRequestFromClient(..) { ... #ifdef BIGREQS if (move_header) { request = (xReq *)oci->bufptr; oci->bufptr += (sizeof(xBigReq) - sizeof(xReq)); *(xReq *)oci->bufptr = *request; oci->lenLastReq -= (sizeof(xBigReq) - sizeof(xReq)); client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2; } #endif ... } Best Regards! Peng Hongbo _______________________________________________ XFree86 mailing list XFree86@xxxxxxxxxxx http://XFree86.Org/mailman/listinfo/xfree86