X2Go Bug report logs - #776
nx-X11: Size of pointer 'server_support' used instead of size of its data

version graph

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Date: Fri, 30 Jan 2015 19:35:02 UTC

Severity: normal

Tags: not-a-bug, pending

Found in version head

Fixed in version 2:

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Reply-To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 776@bugs.x2go.org
Resent-From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 30 Jan 2015 19:35:02 +0000
Resent-Message-ID: <handler.776.B.14226464985843@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 776
X-X2Go-PR-Package: nx-libs
Received: via spool by submit@bugs.x2go.org id=B.14226464985843
          (code B); Fri, 30 Jan 2015 19:35:02 +0000
Received: (at submit) by bugs.x2go.org; 30 Jan 2015 19:34:58 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM
	autolearn=ham version=3.3.2
X-Greylist: delayed 301 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Fri, 30 Jan 2015 20:34:57 CET
Received: from mout.gmx.net (mout.gmx.net [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 495563BC8A
	for <submit@bugs.x2go.org>; Fri, 30 Jan 2015 20:34:57 +0100 (CET)
Received: from [] ([]) by mail.gmx.com (mrgmx102)
 with ESMTPSA (Nemesis) id 0MCOdh-1YPppt1VNR-009Cbb for
 <submit@bugs.x2go.org>; Fri, 30 Jan 2015 20:29:56 +0100
Message-ID: <54CBDBAF.7010309@gmx.de>
Date: Fri, 30 Jan 2015 20:29:51 +0100
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0
MIME-Version: 1.0
To: submit@bugs.x2go.org
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Provags-ID:  V03:K0:yhDRaxxCGblO+pgNWRwKv9uwoFH1UYM8vaNSdYpMMxXzZfSg9YW
X-UI-Out-Filterresults: notjunk:1;
package: nx-libs
version: head

In nx-libs/nx-X11/extras/Mesa/src/glx/x11/glxextensions.c
the length of the zeroed memory is the length of the pointer (4 bytes in
case of a 32bit system) not the length of the data the pointer points to
(8 byte).

static void
__glXProcessServerString( const struct extension_info * ext,
			  const char * server_string,
			  unsigned char * server_support )
   unsigned  base;
   unsigned  len;

   (void) memset( server_support, 0, sizeof( server_support ) );

Furthermore the length of the memory area pointed to by server_support
is defined in varying ways in the coding:

#define __GL_EXT_BYTES   ((__NUM_GL_EXTS + 7) / 8)

unsigned char server_support[ __GL_EXT_BYTES ];
unsigned char server_support[8];

Currently __NUM_GL_EXTS = 123, so __GL_EXT_BYTES = 8.

What is expected to happen if __GL_EXT_BYTES > 8 after defining six more
values in the unamed (sic!) enum with the different bits?

This questionable code was identified with cppcheck.

Best regards

Heinrich Schuchardt

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Jul 19 19:07:55 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.