From f9afb5a54435c30961306080e9358d4240ecb844 Mon Sep 17 00:00:00 2001
From: Jamey Sharp
Date: Thu, 2 Mar 2006 23:34:19 -0800
Subject: [PATCH] assert() that we will not infinite loop or read uninitialized memory.
---
 src/xcl/xcblock.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/xcl/xcblock.c b/src/xcl/xcblock.c
index ee48608c..c0a2db91 100644
--- a/src/xcl/xcblock.c
+++ b/src/xcl/xcblock.c
@@ -158,6 +158,7 @@ static inline int issue_complete_request(Display *dpy, int veclen, struct iovec
 size_t len;
 
 /* skip empty iovecs. if no iovecs remain, we're done. */
+ assert(veclen >= 0);
 while(veclen > 0 && vec[0].iov_len == 0)
 --veclen, ++vec;
 if(!veclen)
@@ -166,10 +167,14 @@ static inline int issue_complete_request(Display *dpy, int veclen, struct iovec
 /* we have at least part of a request. dig out the length field.
 * note that length fields are always in vec[0]: Xlib doesn't split
 * fixed-length request parts. */
+ assert(vec[0].iov_len >= 4);
 len = ((CARD16 *) vec[0].iov_base)[1];
 if(len == 0)
+ {
 /* it's a bigrequest. dig out the *real* length field. */
+ assert(vec[0].iov_len >= 8);
 len = ((CARD32 *) vec[0].iov_base)[1];
+ }
 len <<= 2;
 
 /* do we have enough data for a complete request? how many iovec
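Review bot: `assert(veclen >= 0);` is compiled out when NDEBUG is defined, so in such a build a negative `veclen` skips the `while`, fails the `if(!veclen)` test and reaches the `vec[0]` reads in the next hunk; the `iov_len >= 4` and `iov_len >= 8` asserts there disappear in the same way. If the early exit is meant to hold at run time as well, `if(!veclen)` could become `if(veclen <= 0)` with the assert kept for debug builds. The patch adds no `#include <assert.h>`, so it is worth confirming that the file already includes it. The function body starts and ends outside the hunk, so the statement under `if(!veclen)` is not visible here.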
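Review bot: The literals 4 and 8 in the two new asserts are tied to the casts beneath them (element 1 of a `CARD16` array ends at byte 4, element 1 of a `CARD32` array ends at byte 8), but nothing on those lines says so. A short comment such as `/* length field is the second CARD16: bytes 2..3 */` above the first assert and `/* extended length is the second CARD32: bytes 4..7 */` above the second would keep each bound in step with its cast if either changes. After the bigrequest read `len` may still be 0; whether that case needs its own check depends on the code after `len <<= 2`, which lies outside the hunk.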