Compiz Core

Merge lp://qastaging/~vanvugt/compiz-core/fix-940066 into lp://qastaging/compiz-core

  1. fix-940066
  2. Merge into 0.9.7
Proposed by Daniel van Vugt
Status: Superseded
Proposed branch: lp://qastaging/~vanvugt/compiz-core/fix-940066
Merge into: lp://qastaging/compiz-core
Diff against target: 89 lines (+53/-5)
1 file modified
libdecoration/decoration.c (+53/-5)
To merge this branch: bzr merge lp://qastaging/~vanvugt/compiz-core/fix-940066
Reviewer Review Type Date Requested Status
Sam Spilsbury Approve
Review via email: mp+94502@code.qastaging.launchpad.net

This proposal has been superseded by a proposal from 2012-02-27.

Description of the change

Avoid uninitialized memory reads, which could lead to unpredictable results.
The uninitialized memory was in the padding bytes of imperfectly aligned
structures. (LP: #940066)

To post a comment you must log in.
Revision history for this message
Sam Spilsbury (smspillaz) wrote :

Gah, truly bitten by this I see :/

review: Approve
Revision history for this message
Alan Griffiths (alan-griffiths) wrote :

It seems odd to use "return memcmp (a, b, sizeof (double) * 6);" without at least a compile-time assert that sizeof (decor_matrix_t) == sizeof (double) * 6).

#define STATIC_ASSERT(condition, label) _Static_assert(condition, #label)
STATIC_ASSERT(sizeof (decor_matrix_t) == sizeof (double) * 6, decor_matrix_t is 6 doubles);

Revision history for this message
Daniel van Vugt (vanvugt) wrote :

That assertion would be incorrect, which is why I avoided sizeof (decor_matrix_t).

Structure alignment rules guarantee that decor_matrix_t contains 6 doubles tightly packed at offset 0. However I do not think they guarantee how much padding there is after that. Thus, you cannot assume sizeof (decor_matrix_t) == 6 * sizeof (double).

Revision history for this message
Alan Griffiths (alan-griffiths) wrote :

While I agree there is no C standard requirement that there is no tail
padding, the universal implementation of tail padding is for the size
of a struct to reach the smallest possible multiple of the alignment
required by the contained types.  (This is required by every ABI that
I've seen.)
If you feel a need to be paranoid I don't believe one can show that
all bits in a double are significant.

----- Original Message -----
From: <email address hidden>
To:"Daniel van Vugt"
Cc:
Sent:Sat, 25 Feb 2012 03:19:16 -0000
Subject:Re: [Merge] lp:~vanvugt/compiz-core/fix-940066 into
lp:compiz-core

 That assertion would be incorrect, which is why I avoided sizeof
(decor_matrix_t).

 Structure alignment rules guarantee that decor_matrix_t contains 6
doubles tightly packed at offset 0. However I do not think they
guarantee how much padding there is after that. Thus, you cannot
assume sizeof (decor_matrix_t) == 6 * sizeof (double).
 --
https://code.launchpad.net/~vanvugt/compiz-core/fix-940066/+merge/94502
[1]
 Your team Compiz Maintainers is subscribed to branch lp:compiz-core.

Links:
------
[1]
https://code.launchpad.net/~vanvugt/compiz-core/fix-940066/+merge/94502

Revision history for this message
Daniel van Vugt (vanvugt) wrote :

I think all the bits in a double are significant to an equality operation:
http://en.wikipedia.org/wiki/Double_precision_floating-point_format

But I'm happy to remove the memcmp for argument's sake.

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches