>Do you have a patch that fixes this? Also, have you seen any other bad
>side-effects of a bigrequest with length 0?

Here is a patch. I have seen ProcNoOperation will fail to return BadLength. There are some other functions which also can not return correctly, such as ProcLbxStartProxy. If only REQUEST_AT_LEAST_SIZE was checked, then BadLength will not be returned by the Xserver. So the following patch will not decrease the client->req_len by 1 when it is set to 0 previously. I am not sure this is a good solution for this problem.

--- xc/programs/Xserver/os/io.c.orig 2003-04-27 14:31:08.000000000 -0700 +++ xc/programs/Xserver/os/io.c 2004-06-04 11:07:34.259432264 -0700 @@ -500,7 +500,11 @@ ReadRequestFromClient(ClientPtr client) oci->bufptr += (sizeof(xBigReq) - sizeof(xReq)); *(xReq *)oci->bufptr = *request; oci->lenLastReq -= (sizeof(xBigReq) - sizeof(xReq)); - client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2; + + /* When the client send a bigrequest with wrong length 0, then + we didn't change it so that BadLength can be returned. */ + if (client->req_len != 0) + client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2; } #endif client->requestBuffer = (pointer)oci->bufptr;

Best Regards!
Peng Hongbo
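Review bot: the new guard "if (client->req_len != 0)" tests only for the exact value 0, while the amount being subtracted is "(sizeof(xBigReq) - sizeof(xReq)) >> 2"; comparing client->req_len against that same amount before subtracting would state the intent directly, namely that the adjusted length must never go below zero, and would keep holding if the header size difference ever changed. The three context lines above the guard still advance oci->bufptr, copy *request into the buffer and shrink oci->lenLastReq for a zero-length big request, so the malformed request is carried forward with its buffer bookkeeping already adjusted; it is worth confirming that this is valid for length 0, or returning the length error at this point instead of leaving req_len at 0 and depending on every request handler to run a length check. The added comment would read better as "When the client sends a bigrequest with the invalid length 0, leave req_len unchanged so that BadLength is returned."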