[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

xorg server 6.8.2 and below on 64bit arch

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: xorg server 6.8.2 and below on 64bit arch
From: serj@xxxxxxxxx
Date: 8 Jan 2006 15:26:05 -0000

This might be nothing or might be something comment please! My system is 64bit 
turion with 64 bit ubuntu on top. On this machine long = void* = 8 bytes. On a 
32 bit arch long = void* = 4 bytes.
Great now lets have look on this.

typedef struct {
 int type;     
 unsigned long serial;   
 Bool send_event; 
 Display *display; 
 Window window;
 Atom message_type;
 int format;
   union {
          char b[20];
          short s[10];
          long l[5];
  } data;
} XClientMessageEvent;

struct taken from the man page (the same lays into Xlib.h) , which later says: 
"The format member is set to 8, 16, or 32 and specifies whether the data should 
be viewed as a list of bytes, shorts, or longs."

Problems:
1) if i choose to pass a long through this msg the X server is gonna screw it 
up. On the other end all i am gonna recieve is 0xffffffff+theotherhalf
I don't know what you think but i think on a 64 bit arch it could be used to 
crash an app atleast.
2) From the union 5*8 = 40 != 20 therefor XClientMessageEvent is 20 bytes 
LONGER on a 64 bit arch than on 32 bit. 

Again comment pls as i spot some more code like this in Xlib.h

Prev by Date: Recon2006 - Call for papers
Next by Date: Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
Previous by thread: Recon2006 - Call for papers
Next by thread: Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
Index(es):
- Date
- Thread