Created attachment 343134 [details] Proposed patch Description of problem: The code in Xorg xfs is not 64bit safe and crashed on 64bits platforms if client-limit is set to a greater value. Version-Release number of selected component (if applicable): Any xfs version (including current upstream) How reproducible: 100% reproducible Steps to Reproduce: 1. install and configure xfs on a x86_64 machine 2. Change the default value of client-limit to 100 in /etc/X11/fs/config client-limit = 100 # no-listen = tcp 2. Stress the server with Xvfb (for example) while $(/bin/true); do for i in $(seq 1 50); do Xvfb -fp tcp/localhost:7100 :$i & done; sleep 10; for i in $(seq 1 50); do xlsfonts -display :$i & done;sleep 10; killall Xvfb; done Actual results: The xfs server will die withing seconds with a segfault. Expected results: The xfs server handle the load. Additional info: The crash occurs in WaitforSomething() 193 if (XFD_ANYSET(&clientsReadable)) { 194 ClientPtr client; 195 int conn; 196 197 if (current_time) /* may not have been set */ 198 current_time = GetTimeInMillis(); 199 for (i = 0; i < howmany(XFD_SETSIZE, NFDBITS); i++) { 200 while (clientsReadable.fds_bits[i]) { 201 curclient = ffs(clientsReadable.fds_bits[i]) - 1; 202 conn = ConnectionTranslation[curclient + (i << 5)]; 203 clientsReadable.fds_bits[i] &= ~(((fd_mask)1L) << curclient); 204 client = clients[conn]; 205 if (!client) 206 continue; 207 pClientsReady[nready++] = conn; 208 client->last_request_time = current_time; 209 client->clientGone = CLIENT_ALIVE; 210 } 211 } 212 } For two reasons: 1. fds_bits is a long on 64bit, so need to use ffsl() instead of ffs() 2. curclient + (i << 5) is not 64bit safe Proposed patch attached. Note: 1. This is follow up of bug #464619 (there was more than one bug in xfs) 2. I already discussed the issue and the patch with krh on irc. 3. This bug seems to be present in el5 also, Fedora and current git upstream.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
No further non-security updates are planned for xorg-x11 in RHEL4. If this issue is not addressed in RHEL5 or newer, please update the affected product version and reopen this bug.