Bug 10672

Summary: MAXBUFSIZE - what is it good for?
Product: xorg Reporter: Chris Wilson <chris>
Component: Server/GeneralAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED DUPLICATE QA Contact: Xorg Project Team <xorg-team>
Severity: critical    
Priority: medium CC: jani.saarinen, vytautas.liuolia
Version: git   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Chris Wilson 2007-04-18 05:38:54 UTC 
maxBigRequestSize can be greater than MAXBUFSIZE, so clients (libXrender) that try to fully utilize BigReqs get an XIO error as the connection is forcibly closed. Even s/MAXBUFSIZE/maxBigRequestSize<<2/ prevents the client from receiving a BadLength error for an over-long request.

It appears that simply terminating the client if the request buffer can not be grown to accommodate the request seems the only sane approach - that is completely discard the "request is too large to handle" check.

diff --git a/os/io.c b/os/io.c
index 4e83e68..b7dd3a2 100644
--- a/os/io.c
+++ b/os/io.c
@@ -308,12 +308,6 @@ ReadRequestFromClient(ClientPtr client)
         */
 
        oci->lenLastReq = 0;
-       if (needed > MAXBUFSIZE)
-       {
-           /* request is too big for us to handle */
-           YieldControlDeath();
-           return -1;
-       }
        if ((gotnow == 0) ||
            ((oci->bufptr - oci->buffer + needed) > oci->size))
        {
Comment 1 Chris Wilson 2007-08-14 04:54:24 UTC 
*** Bug 4135 has been marked as a duplicate of this bug. ***
Comment 2 Alan Coopersmith 2007-11-05 18:33:09 UTC 
This seems to have been already fixed in git master:

commit ca82d4bddf235c9b68d51d68636bab40eafb9889
Author: Eric Anholt <eric@anholt.net>
Date:   Fri Aug 31 13:00:23 2007 -0700

    Bug #7186: Fix an excessive request size limitation that broke big-requests.
    
    MAXBUFSIZE appears to be a leftover of some previous time.  Instead, just
    use maxBigRequestSize when bigreqs are available (limiting buffers to ~16MB)
    When bigreqs are not available, needed won't be larger than the maximum
    size of a non-bigreqs request (256kB).

diff --git a/os/io.c b/os/io.c
index 835af54..9de75ee 100644
--- a/os/io.c
+++ b/os/io.c
@@ -304,12 +304,14 @@ #endif
         */
 
        oci->lenLastReq = 0;
-       if (needed > MAXBUFSIZE)
+#ifdef BIGREQS
+       if (needed > maxBigRequestSize << 2)
        {
            /* request is too big for us to handle */
            YieldControlDeath();
            return -1;
        }
+#endif
        if ((gotnow == 0) ||
            ((oci->bufptr - oci->buffer + needed) > oci->size))
        {
diff --git a/os/osdep.h b/os/osdep.h
index 965436d..2d455aa 100644
--- a/os/osdep.h
+++ b/os/osdep.h
@@ -55,9 +55,6 @@ #define _OSDEP_H_ 1
 #define BOTIMEOUT 200 /* in milliseconds */
 #define BUFSIZE 4096
 #define BUFWATERMARK 8192
-#ifndef MAXBUFSIZE
-#define MAXBUFSIZE (1 << 22)
-#endif
 
 #include <X11/Xdmcp.h>
 


*** This bug has been marked as a duplicate of bug 7186 ***
Comment 3 Chris Wilson 2017-04-13 20:21:33 UTC 
*** Bug 99726 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.