X2Go Bug report logs - #776
nx-X11: Size of pointer 'server_support' used instead of size of its data

version graph

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Date: Fri, 30 Jan 2015 19:35:02 UTC

Severity: normal

Tags: not-a-bug, pending

Found in version head

Fixed in version 2:3.5.0.29

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Fri, 30 Jan 2015 19:35:02 GMT) (full text, mbox, link).


Acknowledgement sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Fri, 30 Jan 2015 19:35:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: submit@bugs.x2go.org
Subject: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Fri, 30 Jan 2015 20:29:51 +0100
package: nx-libs
version: head


In nx-libs/nx-X11/extras/Mesa/src/glx/x11/glxextensions.c
the length of the zeroed memory is the length of the pointer (4 bytes in
case of a 32bit system) not the length of the data the pointer points to
(8 byte).

static void
__glXProcessServerString( const struct extension_info * ext,
			  const char * server_string,
			  unsigned char * server_support )
{
   unsigned  base;
   unsigned  len;

   (void) memset( server_support, 0, sizeof( server_support ) );

Furthermore the length of the memory area pointed to by server_support
is defined in varying ways in the coding:

#define __GL_EXT_BYTES   ((__NUM_GL_EXTS + 7) / 8)


unsigned char server_support[ __GL_EXT_BYTES ];
unsigned char server_support[8];

Currently __NUM_GL_EXTS = 123, so __GL_EXT_BYTES = 8.

What is expected to happen if __GL_EXT_BYTES > 8 after defining six more
values in the unamed (sic!) enum with the different bits?

This questionable code was identified with cppcheck.
http://cppcheck.sourceforge.net/

Best regards

Heinrich Schuchardt


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Fri, 30 Jan 2015 20:30:01 GMT) (full text, mbox, link).


Acknowledgement sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Fri, 30 Jan 2015 20:30:02 GMT) (full text, mbox, link).


Message #10 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: 776@bugs.x2go.org
Subject: re: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Fri, 30 Jan 2015 21:22:55 +0100
The same bug exists in the master branch of
http://cgit.freedesktop.org/mesa/mesa/tree/src/glx/glxextensions.c

But here __GL_EXT_BYTES = 9.

I will report the same bug to the upstream.

Who takes care of porting new upstream versions of the mesa library to x2go?

Best regards

Heinrich Schuchardt


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Sat, 31 Jan 2015 15:05:01 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 31 Jan 2015 15:05:02 GMT) (full text, mbox, link).


Message #15 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 776@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Sat, 31 Jan 2015 15:03:07 +0000
[Message part 1 (text/plain, inline)]
Hi Heinrich,

On  Fr 30 Jan 2015 20:29:51 CET, Heinrich Schuchardt wrote:

> package: nx-libs
> version: head
>
>
> In nx-libs/nx-X11/extras/Mesa/src/glx/x11/glxextensions.c
> the length of the zeroed memory is the length of the pointer (4 bytes in
> case of a 32bit system) not the length of the data the pointer points to
> (8 byte).
>
> static void
> __glXProcessServerString( const struct extension_info * ext,
> 			  const char * server_string,
> 			  unsigned char * server_support )
> {
>    unsigned  base;
>    unsigned  len;
>
>    (void) memset( server_support, 0, sizeof( server_support ) );
>
> Furthermore the length of the memory area pointed to by server_support
> is defined in varying ways in the coding:
>
> #define __GL_EXT_BYTES   ((__NUM_GL_EXTS + 7) / 8)
>
>
> unsigned char server_support[ __GL_EXT_BYTES ];
> unsigned char server_support[8];
>
> Currently __NUM_GL_EXTS = 123, so __GL_EXT_BYTES = 8.
>
> What is expected to happen if __GL_EXT_BYTES > 8 after defining six more
> values in the unamed (sic!) enum with the different bits?
>
> This questionable code was identified with cppcheck.
> http://cppcheck.sourceforge.net/
>
> Best regards
>
> Heinrich Schuchardt

Now that you have analyzed it, do you see a chance for coming up with patch?

THANKS+GREETS,
Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Sat, 31 Jan 2015 15:10:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 31 Jan 2015 15:10:02 GMT) (full text, mbox, link).


Message #20 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 776@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Sat, 31 Jan 2015 15:05:44 +0000
[Message part 1 (text/plain, inline)]
Hi Heinrich,

On  Fr 30 Jan 2015 21:22:55 CET, Heinrich Schuchardt wrote:

> The same bug exists in the master branch of
> http://cgit.freedesktop.org/mesa/mesa/tree/src/glx/glxextensions.c
>
> But here __GL_EXT_BYTES = 9.
>
> I will report the same bug to the upstream.
>
> Who takes care of porting new upstream versions of the mesa library to x2go?

I currently have this (and update xrandr) on my list.

Please provide patches to Xorg and X2Go, if possible.

Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Sat, 31 Jan 2015 21:30:02 GMT) (full text, mbox, link).


Acknowledgement sent to "Heinrich Schuchardt" <xypron.glpk@gmx.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 31 Jan 2015 21:30:02 GMT) (full text, mbox, link).


Message #25 received at 776@bugs.x2go.org (full text, mbox, reply):

From: "Heinrich Schuchardt" <xypron.glpk@gmx.de>
To: "Mike Gabriel" <mike.gabriel@das-netzwerkteam.de>, 776@bugs.x2go.org
Subject: Re: Re: [X2Go-Dev] Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Sat, 31 Jan 2015 22:24:24 +0100
[Message part 1 (text/html, inline)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Sun, 01 Feb 2015 05:40:01 GMT) (full text, mbox, link).


Acknowledgement sent to Mihai Moldovan <ionic@ionic.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sun, 01 Feb 2015 05:40:01 GMT) (full text, mbox, link).


Message #30 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Mihai Moldovan <ionic@ionic.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 776@bugs.x2go.org, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Subject: Re: [X2Go-Dev] Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Sun, 01 Feb 2015 06:37:18 +0100
[Message part 1 (text/plain, inline)]
If I may...

On 31.01.2015 10:24 PM, Heinrich Schuchardt wrote:
> In the last year a lot of security relevant errors were discovered and
> fixed in the x-server code. What is the policy of the x2go project? Do
> you want to rebase the nx-libs package on current xorg code? Do you
> plan to support Wayland which will be replacing x11?

The long-term goal is to rebase nx-libs against current Xorg code and
have it even potentially merged upstream. This will however require a
lot of funding or alternatively time. We discussed this issue to great
length during the last X2Go meeting in October/November 2014.

Meanwhile, Mike is currently factoring out a lot of dead code which has
been copied verbatim by NoMachine, but is not actually used for building
nx-libs. And doing a tremendous job at that.



Mihai

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Mon, 02 Feb 2015 19:55:01 GMT) (full text, mbox, link).


Acknowledgement sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Mon, 02 Feb 2015 19:55:01 GMT) (full text, mbox, link).


Message #35 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: 776@bugs.x2go.org
Subject: Re: nx-X11: Size of pointer 'server_support' used instead of size of its data
Date: Mon, 02 Feb 2015 20:52:27 +0100
[Message part 1 (text/plain, inline)]
The appended patch

From: Ian Romanick <idr@us.ibm.com>
Date: Thu, 13 Jul 2006 15:27:37 +0000
Subject: [PATCH] Move initialization of server_support from
__glXProcessServerString to __glXCalcualteUsableExtensions.

should solve the problem. I adjusted the file path to make it applicable
to x2go.

Cf.
https://bugs.freedesktop.org/show_bug.cgi?id=7353

The patch dates from *** 2006 ***. We definitely should rebase the mesa
code.

Best regards

Heinrich Schuchardt

[0001-Move-initialization-of-server_support-from-__glXProc.patch (text/x-patch, attachment)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Tue, 03 Feb 2015 04:00:01 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Tue, 03 Feb 2015 04:00:01 GMT) (full text, mbox, link).


Message #40 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 776-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 776@bugs.x2go.org
Subject: X2Go issue (in src:nx-libs) has been marked as pending for release
Date: Tue, 3 Feb 2015 04:59:20 +0100 (CET)
tag #776 pending
fixed #776 2:3.5.0.29
thanks

Hello,

X2Go issue #776 (src:nx-libs) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=b992fda

The issue will most likely be fixed in src:nx-libs (2:3.5.0.29).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit b992fdaa0f0789e4e1db6d121cfff979210dcb52
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Tue Feb 3 04:59:13 2015 +0100

    Add patch 700_nx-X11_mesa-initialize-server-support-correctly.full.patch. Initialize server_support array with correct size. Fix Mesa upstream bugzilla bug #7353. (Fixes: #776).

diff --git a/debian/changelog b/debian/changelog
index bebcf51..a5e08c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -100,6 +100,11 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium
     launched as x2goagent, use X2Go-specific paths for the keystrokes.cfg file.
     (Fixes: #744).
 
+  [ Heinrich Schuchardt ]
+  + Add patch 700_nx-X11_mesa-initialize-server-support-correctly.full.patch.
+    Initialize server_support array with correct size. Fix Mesa upstream
+    bugzilla bug #7353. (Fixes: #776).
+
   [ Mihai Moldovan ]
   * Change string "X2go" to "X2Go" where appropriate.
 


Added tag(s) pending. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Tue, 03 Feb 2015 04:00:02 GMT) (full text, mbox, link).


Marked as fixed in versions 2:3.5.0.29. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Tue, 03 Feb 2015 04:00:02 GMT) (full text, mbox, link).


Message sent on to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Bug#776. (Tue, 03 Feb 2015 04:00:03 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#776; Package nx-libs. (Tue, 10 Feb 2015 04:25:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Tue, 10 Feb 2015 04:25:02 GMT) (full text, mbox, link).


Message #52 received at 776@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 776@bugs.x2go.org
Cc: 776-submitter@bugs.x2go.org
Subject: fix for #776 reverted
Date: Tue, 10 Feb 2015 04:20:52 +0000
[Message part 1 (text/plain, inline)]
Control: tag -1 not-a-bug
Control: close -1


Hi Heinrich,

yesterday, I reverted the fix for #776 because while applying all the  
NX patches in preparation of the 3.6.x branch of nx-libs [1], I  
realized that the file in question (glxextensions.c) never gets used  
at build time.


Greets,
Mike

[1] https://github.com/ArcticaProject/nx-libs
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Added tag(s) not-a-bug. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 776-submit@bugs.x2go.org. (Tue, 10 Feb 2015 04:25:02 GMT) (full text, mbox, link).


Marked Bug as done Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 776-submit@bugs.x2go.org. (Tue, 10 Feb 2015 04:25:02 GMT) (full text, mbox, link).


Notification sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Bug acknowledged by developer. (Tue, 10 Feb 2015 04:25:02 GMT) (full text, mbox, link).


Message sent on to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Bug#776. (Tue, 10 Feb 2015 04:25:03 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Tue, 10 Mar 2015 06:24:01 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Nov 20 09:59:27 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.