mirror of
https://gitlab.freedesktop.org/xorg/xserver.git
synced 2025-12-31 02:00:08 +01:00
Adding the offset between the realloc result and the old allocation to
update pointers into the new allocation is undefined behaviour: the
old pointers are no longer valid after realloc() according to the C
standard. While this works on almost all architectures and compilers,
it causes problems on architectures that track pointer bounds (e.g.
CHERI or Arm's Morello): the DevPrivateKey pointers will still have the
bounds of the previous allocation and therefore any dereference will
result in a run-time trap.
I found this due to a crash (dereferencing an invalid capability) while
trying to run `XVnc` on a CHERI-RISC-V system. With this commit I can
successfully connect to the XVnc instance running inside a QEMU with a
VNC viewer on my host.
This also changes the check whether the allocation was moved to use
uintptr_t instead of a pointer since according to the C standard:
"The value of a pointer becomes indeterminate when the object it
points to (or just past) reaches the end of its lifetime." Casting to an
integer type avoids this undefined behaviour.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
(cherry picked from commit
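Added example, not code from this commit or the xserver tree: a small growable string pool whose records hold pointers into one buffer, standing in for the DevPrivateKey pointers. It converts the pointers to offsets before realloc(), rebuilds them from the new base afterwards, and detects a move with a uintptr_t comparison as the commit message describes; `pool`, `record`, `pool_grow` and `pool_add` are names invented for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Each record points into one shared, growable buffer, much like the
 * DevPrivateKey pointers into the reallocated array in the commit above. */
struct record { char *name; };
struct pool { char *buf; size_t used, cap; struct record *recs; size_t nrecs; };

/* Grow the pool to newcap bytes. Returns 1 if the block moved, 0 if it was
 * resized in place, -1 on allocation failure (pool left untouched).
 * Anti-pattern this replaces:  rec->name += (char *)nbuf - (char *)oldbuf;
 * that adds a delta to a pointer realloc() has already invalidated, and on
 * CHERI the result keeps the old bounds, so dereferencing it traps. */
static int pool_grow(struct pool *p, size_t newcap)
{
    /* Convert every pointer to an offset while the old pointers are still valid. */
    size_t *offs = p->nrecs ? malloc(p->nrecs * sizeof *offs) : NULL;
    if (p->nrecs && !offs) return -1;
    for (size_t i = 0; i < p->nrecs; i++)
        offs[i] = (size_t)(p->recs[i].name - p->buf);
    uintptr_t old_base = (uintptr_t)p->buf;   /* integer copy, never dereferenced */
    char *nbuf = realloc(p->buf, newcap);
    if (!nbuf) { free(offs); return -1; }
    p->buf = nbuf; p->cap = newcap;
    /* Rebuild each pointer from the NEW base plus its offset; no stale pointer is read. */
    for (size_t i = 0; i < p->nrecs; i++)
        p->recs[i].name = nbuf + offs[i];
    free(offs);
    /* Report the move by comparing integers, as the commit does, not pointers. */
    return (uintptr_t)nbuf != old_base;
}

/* Copy s into the pool, growing it if needed; returns the record index or -1. */
static int pool_add(struct pool *p, const char *s)
{
    size_t n = strlen(s) + 1;
    if (p->used + n > p->cap) {
        size_t want = p->cap ? p->cap * 2 : 16;
        while (want < p->used + n) want *= 2;
        if (pool_grow(p, want) < 0) return -1;
    }
    struct record *r = realloc(p->recs, (p->nrecs + 1) * sizeof *r);
    if (!r) return -1;
    p->recs = r;
    memcpy(p->buf + p->used, s, n);
    p->recs[p->nrecs].name = p->buf + p->used;
    p->used += n;
    return (int)p->nrecs++;
}
```

Whether a given realloc() actually moves the block depends on the allocator, so callers must handle both return values; the rebuild loop is correct either way.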