On Sat, Jun 05, 2004 at 10:29:53PM +0800, Peng Hongbo wrote: >>Do you have a patch that fixes this? Also, have you seen any other bad >>side-effects of a bigrequest with length 0? > >Here is a patch. I have seen ProcNoOperation will fail to return >BadLength. There are some other functions which also can not return >correctly, such as ProcLbxStartProxy. If only REQUEST_AT_LEAST_SIZE was >checked, then BadLength will not be returned by the Xserver. So the >following patch will not decrease the client->req_len by 1 when it is set >to 0 previously. I am not sure this is a good solution for this problem. I'm committing something simliar to your patch. Thanks for the report and patch. David > >--- xc/programs/Xserver/os/io.c.orig 2003-04-27 14:31:08.000000000 -0700 >+++ xc/programs/Xserver/os/io.c 2004-06-04 11:07:34.259432264 -0700 >@@ -500,7 +500,11 @@ ReadRequestFromClient(ClientPtr client) > oci->bufptr += (sizeof(xBigReq) - sizeof(xReq)); > *(xReq *)oci->bufptr = *request; > oci->lenLastReq -= (sizeof(xBigReq) - sizeof(xReq)); >- client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2; >+ >+ /* When the client send a bigrequest with wrong length 0, then >+ we didn't change it so that BadLength can be returned. */ >+ if (client->req_len != 0) >+ client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2; > } > #endif > client->requestBuffer = (pointer)oci->bufptr; > > >Best Regards! >Peng Hongbo > > >_______________________________________________ >XFree86 mailing list >XFree86@xxxxxxxxxxx >http://XFree86.Org/mailman/listinfo/xfree86 > _______________________________________________ XFree86 mailing list XFree86@xxxxxxxxxxx http://XFree86.Org/mailman/listinfo/xfree86
