[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#990647: marked as done (nxagent: in Compext.c: fix comparisons of 16bit sequence numbers)



Your message dated Sat, 03 Jul 2021 20:20:02 +0000
with message-id <E1lzm7O-0003Q3-7o@fasolo.debian.org>
and subject line Bug#990647: fixed in nx-libs 2:3.5.99.26-2
has caused the Debian Bug report #990647,
regarding nxagent: in Compext.c: fix comparisons of 16bit sequence numbers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990647: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990647
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: nxagent
Severity: important
Version: 3.5.99.26-1
Tags: patch

In Compext.c a flawed comparison has been discovered lately by Ulrich Sibiller and Norm Green.

From the commit message:

```
rep->generic.sequenceNumber is of type CARD16
state->sequence is of type unsigned long

Converting state->sequence to an int as it has been done since the
first version of nxcomp I know of (1.3.0-18 from 2003) is wrong here
because for numbers > INT_MAX this will result in a negative number,
which, after applying the 16bit modulo, will not match
rep->generic.sequenceNumber.

Example with numbers:

CARD16 c = 24565
unsigned long u = 3179110389

c % 65536 = 24565
u % 65536 = 24565

(int)(u) = -1115856907
(int)(u) % 65536 = -40971

-40971 will not match 24565

To fix this we need to ensure the number stays positive. We use CARD16
for this to match the type in the request which is a 16bit number. On
my system CARD16 is unsigned short which is guaranteed to contain _at
least_ the 0-65,535 range. As there is no upper limit of the range we
cannot drop the modulo because we need this value to be 16bit and not
more.

Thanks to Norm Green for providing log after log until we could
finally identify the reason for him seeing "Xlib: unexpected async
reply (sequence 0x94b01439)!" when pasting stopped working.
```

Patch for this has been attached.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

>From 1b4ebce2ce8ef29c01bd124ed56c9d6a14c9a82d Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller <uli42@gmx.de>
Date: Wed, 17 Mar 2021 22:17:55 +0100
Subject: [PATCH] Compext.c: fix comparisons of 16bit sequence numbers

rep->generic.sequenceNumber is of type CARD16
state->sequence is of type unsigned long

Converting state->sequence to an int as it has been done since the
first version of nxcomp I know of (1.3.0-18 from 2003) is wrong here
because for numbers > INT_MAX this will result in a negative number,
which, after applying the 16bit modulo, will not match
rep->generic.sequenceNumber.

Example with numbers:

CARD16 c = 24565
unsigned long u = 3179110389

c % 65536 = 24565
u % 65536 = 24565

(int)(u) = -1115856907
(int)(u) % 65536 = -40971

-40971 will not match 24565

To fix this we need to ensure the number stays positive. We use CARD16
for this to match the type in the request which is a 16bit number. On
my system CARD16 is unsigned short which is guaranteed to contain _at
least_ the 0-65,535 range. As there is no upper limit of the range we
cannot drop the modulo because we need this value to be 16bit and not
more.

Thanks to Norm Green for providing log after log until we could
finally identify the reason for him seeing "Xlib: unexpected async
reply (sequence 0x94b01439)!" when pasting stopped working.

Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
---
 nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c b/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c
index 4a8dacaf4..7a6cb9e30 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c
@@ -3435,7 +3435,7 @@ static Bool _NXCollectImageHandler(Display *dpy, xReply *rep, char *buf,
   state = (_NXCollectImageState *) data;
 
   if ((rep -> generic.sequenceNumber % 65536) !=
-          ((int)(state -> sequence) % 65536))
+          ((CARD16)(state -> sequence) % 65536))
   {
     #ifdef TEST
     fprintf(stderr, "******_NXCollectImageHandler: Unmatched sequence [%d] for opcode [%d] "
@@ -3819,7 +3819,7 @@ static Bool _NXCollectPropertyHandler(Display *dpy, xReply *rep, char *buf,
   state = (_NXCollectPropertyState *) data;
 
   if ((rep -> generic.sequenceNumber % 65536) !=
-          ((int)(state -> sequence) % 65536))
+          ((CARD16)(state -> sequence) % 65536))
   {
     #ifdef TEST
     fprintf(stderr, "******_NXCollectPropertyHandler: Unmatched sequence [%d] for opcode [%d] "
@@ -4173,7 +4173,7 @@ static Bool _NXCollectGrabPointerHandler(Display *dpy, xReply *rep, char *buf,
   state = (_NXCollectGrabPointerState *) data;
 
   if ((rep -> generic.sequenceNumber % 65536) !=
-          ((int)(state -> sequence) % 65536))
+          ((CARD16)(state -> sequence) % 65536))
   {
     #ifdef TEST
     fprintf(stderr, "******_NXCollectGrabPointerHandler: Unmatched sequence [%d] for opcode [%d] "
@@ -4447,7 +4447,7 @@ static Bool _NXCollectInputFocusHandler(Display *dpy, xReply *rep, char *buf,
   state = (_NXCollectInputFocusState *) data;
 
   if ((rep -> generic.sequenceNumber % 65536) !=
-          ((int)(state -> sequence) % 65536))
+          ((CARD16)(state -> sequence) % 65536))
   {
     #ifdef TEST
     fprintf(stderr, "******_NXCollectInputFocusHandler: Unmatched sequence [%d] for opcode [%d] "
-- 
2.30.2

Attachment: pgpUz8FlSd7bX.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message ---
Source: nx-libs
Source-Version: 2:3.5.99.26-2
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
nx-libs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990647@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated nx-libs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 03 Jul 2021 20:42:32 +0200
Source: nx-libs
Architecture: source
Version: 2:3.5.99.26-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 990647 990649 990650
Changes:
 nx-libs (2:3.5.99.26-2) unstable; urgency=medium
 .
   * debian/patches:
     + Add 0001_Compext.c-fix-comparisons-of-16bit-sequence-numbers.patch.
       Compext.c: fix comparisons of 16bit sequence numbers. (Closes:
       #990647).
     + Add 0002_Forward-ClientMessages-to-nxproxy-side.patch.
       Forward ClientMessages to nxproxy side. (Closes: #990649).
     + Add 0003_randr-Do-not-update-ConnectionInfo-if-NULL.patch.
       randr: Do not update ConnectionInfo if NULL (and avoid the nxagent
       Xserver from crashing). (Closes: #990650).
     + Add 0004_document-additional-options-only-nxagent-knows-about.patch.
       Update man page and --help documentation of nxproxy/nxagent.
     + Adjust 0004_document-additional-options-only-nxagent-knows-about.patch.
       Version 3.5.99.26 does not yet have the textclipboard=<bool> session
       parameter.
Checksums-Sha1:
 927a53cc9b3fcf37eac92e2713ffdb48f79b1303 3958 nx-libs_3.5.99.26-2.dsc
 7701795d92cf265cfa6771bef5f7be329ccde778 55736 nx-libs_3.5.99.26-2.debian.tar.xz
 b37db445507f9b3cc6ca948a8ce95801729e0d42 8071 nx-libs_3.5.99.26-2_source.buildinfo
Checksums-Sha256:
 2707d4785544de4238b5f5598223b5adfcd73a88aa2f546481435da0e3ff8088 3958 nx-libs_3.5.99.26-2.dsc
 e2faab033a134e81f49e4d075ee63aa701462654e4568611bbbea652d6647607 55736 nx-libs_3.5.99.26-2.debian.tar.xz
 c406ebae243d0c50d6c1bc6b10835b0dcb6c090786fade1dcb10ce361d4f0ba0 8071 nx-libs_3.5.99.26-2_source.buildinfo
Files:
 61802b1b6188d583f02997e41c558c94 3958 x11 optional nx-libs_3.5.99.26-2.dsc
 56303f7587e6708b55798f8914a42615 55736 x11 optional nx-libs_3.5.99.26-2.debian.tar.xz
 8d3c22aae27f9406abd5a05b161fc1b4 8071 x11 optional nx-libs_3.5.99.26-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmDgwxgVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxWY4QAICQYSV93PjF1GwXKW3bTNfrPNav
kTsa/GeB6QA5zgPSc+gt3Hp/Wdn7D+qOZR5M/kldgFnAVbo1QqDSAF+PI4FTkUjS
7RK/F4/2vgVe9N2oAq8Q7vW1ns+438sibBji1j8f5Fwuim51YHy69kFpVIe8qOi5
mA0PDlDDV4s4CGr2xk6pBk+x/GwoGbcm7rAiOM/hvAU2/av3z5ZSpGHBC4SMpBhc
y9SPtqPes1VeuFFd+jLZqz4595mfUsEZTKZGtOKdZkIRSTfZz2kn4G/ELUOYTZL8
+0kh5Db5OcaDOP/eiphcsAsV9MSFmHue4pmvE99vOe0fOWXE0H8JFdEXbJFGDPcR
4nY/5loc6Js10Gmvl854au7X6Gbuj1PMlGtS8scfmJegaExgBCQ3POrsapgq2RdP
0WbYo90psNkn227+klIykeEJdPYfwWEPaOmqUZib+zXGCdTKaANvV7+0WB/nFgXo
xZAP2WJtzblP6kgbSoHKJOyt/Veh3NtTu+jqRujnJd31WUQpy3x+mpG5kl9sVpvI
tUp0RBnfvXw0N7RO5sKBi83T3MUeO6VUX9rPyyz5VjinMs0VOEYsFtE1xrVaEVyu
bhFryKt5hJeLJyAStIJXZ+TacnPcfWssX+8U8N0cp83wQxbmBjdGH6Z1+jJlw2E1
R9L9mkOxw8UAscHp
=ipHS
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: