    XQuartz: Make sure that darwin_all_modifier_mask_additions is 0-terminated · 3db7e332
    Jeremy Huddleston Sequoia authored
    Found by ASan
    
    X.Org X Server 1.17.99.901 Build Date: 20151018
    ================================================================
    ==40471==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000101fed7a4 at pc 0x000101584030 bp 0x70000029f920 sp 0x70000029f918
    READ of size 4 at 0x000101fed7a4 thread T7
        #0 0x10158402f in DarwinEQInit darwinEvents.c:377
        #1 0x10157f3bc in InitInput darwin.c:566
        #2 0x101be87ad in dix_main main.c:268
        #3 0x10159131b in server_thread quartzStartup.c:66
        #4 0x7fff8a535c12 in _pthread_body (/usr/lib/system/libsystem_pthread.dylib+0x3c12)
        #5 0x7fff8a535b8f in _pthread_start (/usr/lib/system/libsystem_pthread.dylib+0x3b8f)
        #6 0x7fff8a533374 in thread_start (/usr/lib/system/libsystem_pthread.dylib+0x1374)
    
    0x000101fed7a4 is located 0 bytes to the right of global variable 'darwin_all_modifier_mask_additions' defined in 'darwinEvents.c:181:12'
    (0x101fed7a0) of size 4
    SUMMARY: AddressSanitizer: global-buffer-overflow darwinEvents.c:377 DarwinEQInit
    Shadow bytes around the buggy address:
      0x1000203fdaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x1000203fdab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x1000203fdac0: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
      0x1000203fdad0: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
      0x1000203fdae0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9
    =>0x1000203fdaf0: f9 f9 f9 f9[04]f9 f9 f9 f9 f9 f9 f9 00 00 00 00
      0x1000203fdb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x1000203fdb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x1000203fdb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x1000203fdb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x1000203fdb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:       fa
      Heap right redzone:      fb
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack partial redzone:   f4
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
    Thread T7 created by T0 here:
        #0 0x10242ee99 in wrap_pthread_create
    (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/7.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x37e99)
        #1 0x101591089 in create_thread quartzStartup.c:78
        #2 0x101590ed9 in QuartzInitServer quartzStartup.c:95
        #3 0x1015697eb in X11ApplicationMain X11Application.m:1277
        #4 0x101575dc0 in X11ControllerMain X11Controller.m:984
        #5 0x10159171a in server_main quartzStartup.c:127
        #6 0x101540fc0 in do_start_x11_server bundle-main.c:436
        #7 0x101544869 in _Xstart_x11_server mach_startupServer.c:189
        #8 0x101545c96 in mach_startup_server mach_startupServer.c:398
        #9 0x7fff8d1b70f3 in mach_msg_server (/usr/lib/system/libsystem_kernel.dylib+0x110f3)
        #10 0x1015416e7 in main bundle-main.c:774
        #11 0x7fff8bd975ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
        #12 0x0  (<unknown module>)
    Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Name
Xext
Xi
composite
config
damageext
dbe
dix
doc
dri3
exa
fb
glamor
glx
hw
include
m4
man
mi
miext
os
present
pseudoramiX
randr
record
render
test
xfixes
xkb
.dir-locals.el
.gitignore
COPYING
Makefile.am
README
autogen.sh
configure.ac
devbook.am
docbook.am
fix-miregion
fix-miregion-private
fix-patch-whitespace
fix-region
manpages.am
xorg-server.m4
xorg-server.pc.in
xserver.ent.in