Sender: stephent@cr610941-a.rct1.bc.wave.home.com
X-Uptime: 10:53am up 5 days, 19:56, 6 users, load average: 0.11, 0.04, 0.02
X-OS: Linux cr610941-a 2.2.11 #2 Mon Sep 6 15:40:58 PDT 1999 i586 unknown
X-Homepage: http://www.sfu.ca/~stephent
To: xbugs@x.org, fixes@xfree86.org, David Dawes
Subject: bug in reply length field of ProcDbeGetVisualInfo
Bcc: on-fire@home.com
Mime-Version: 1.0 (generated by tm-edit 1.5)
Content-Type: text/plain; charset=US-ASCII
From: Stephen Tse
Date: 02 Sep 2000 10:53:30 -0700
Message-ID: <874s3y7k9x.fsf@cr610941-a.rct1.bc.wave.home.com>
X-Mailer: Gnus v5.6.45/XEmacs 21.2 - "Nike"
Lines: 35
Xref: cr610941-a.rct1.bc.wave.home.com archive:47

Hi there!

There seems to be a bug in ProcDbeGetVisualInfo in all servers based on
the xc sample implementation (up to R6.5). The reply length field is
counted in bytes instead of in units of four bytes.

In lines around 959 in programs/Xserver/dbe/dbe.c:

        /* Account for n, number of xDbeVisInfo items in list. */
        length += sizeof(CARD32);

        /* Account for n xDbeVisInfo items */
        length += pScrVisInfo[i].count * sizeof(xDbeVisInfo);
    }

    rep.type           = X_Reply;
    rep.sequenceNumber = client->sequence;
    rep.length         = length;
    rep.m              = count;

The second last line should be replaced with "rep.length = length >> 2".
But it's only my best guess and I have not tested it at all.

The bug does not show up because xlib times out and ignores the
shorter-than-expected error (without reporting, a very serious bug
blackhole). However, while I am developing a new binding for Java, I
discovered the bug by browsing through the source code from xc.

Thank you.
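
The length mismatch described in the message above, worked through as an added example (not part of the original message and not code from dbe.c). It assumes the standard X11 reply framing of a 32-byte fixed header plus 4 * length further bytes; vis_info_t and all function names are hypothetical stand-ins, and the screen counts are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for xDbeVisInfo, assumed to be 8 bytes on the wire. */
typedef struct {
    uint32_t visual_id;
    uint8_t  depth;
    uint8_t  perf_level;
    uint16_t pad;
} vis_info_t;

#define X_REPLY_HEADER_BYTES 32u   /* fixed part of every X11 reply */

/* Payload bytes after the header: per screen, a 32-bit count n, then n items. */
static uint32_t payload_bytes(const uint32_t *counts, size_t nscreens)
{
    uint32_t length = 0;
    for (size_t i = 0; i < nscreens; i++) {
        length += (uint32_t)sizeof(uint32_t);
        length += counts[i] * (uint32_t)sizeof(vis_info_t);
    }
    return length;
}

/* Behaviour reported in the message: the byte count goes into the field. */
static uint32_t length_field_reported(uint32_t bytes) { return bytes; }

/* Change proposed in the message: the field carries 4-byte units. */
static uint32_t length_field_proposed(uint32_t bytes) { return bytes >> 2; }

/* Total bytes a client reading the reply expects, given the length field. */
static uint32_t client_expected_bytes(uint32_t length_field)
{
    return X_REPLY_HEADER_BYTES + (length_field << 2);
}

/* Bytes the client keeps waiting for that the server never sends. */
static uint32_t shortfall(uint32_t length_field, uint32_t bytes_sent)
{
    return client_expected_bytes(length_field)
         - (X_REPLY_HEADER_BYTES + bytes_sent);
}

int main(void)
{
    const uint32_t counts[] = { 3, 5 };   /* constructed: two screens */
    uint32_t sent = payload_bytes(counts, 2);
    printf("payload bytes sent: %u\n", (unsigned)sent);
    printf("reported: field=%u shortfall=%u\n", (unsigned)length_field_reported(sent),
           (unsigned)shortfall(length_field_reported(sent), sent));
    printf("proposed: field=%u shortfall=%u\n", (unsigned)length_field_proposed(sent),
           (unsigned)shortfall(length_field_proposed(sent), sent));
    return 0;
}
```

With the byte count in the field, the client expects three times the payload size in extra data, which matches the short read the message describes.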