diff options
author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2018-10-23 12:14:51 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2018-10-23 12:14:51 +0200 |
commit | 2eb4a65ebd9aa04bd663fb9a7f0680fd2c56e990 (patch) | |
tree | eb5f9616387784ec1a5914395a9e3355baca2ce4 /nx-X11 | |
parent | 3dc4595560b34242fe4705af8c93d0024eeb2c56 (diff) | |
parent | 701e702a121029098a6123bee9e43a9b81f4b3d9 (diff) | |
download | nx-libs-2eb4a65ebd9aa04bd663fb9a7f0680fd2c56e990.tar.gz nx-libs-2eb4a65ebd9aa04bd663fb9a7f0680fd2c56e990.tar.bz2 nx-libs-2eb4a65ebd9aa04bd663fb9a7f0680fd2c56e990.zip |
Merge branch 'uli42-pr/libX11_1.6.6' into 3.6.x
Attributes GH PR #722: https://github.com/ArcticaProject/nx-libs/pull/722
Diffstat (limited to 'nx-X11')
28 files changed, 313 insertions, 166 deletions
diff --git a/nx-X11/lib/include/X11/Xlibint.h b/nx-X11/lib/include/X11/Xlibint.h index b325182e3..d38c87ee3 100644 --- a/nx-X11/lib/include/X11/Xlibint.h +++ b/nx-X11/lib/include/X11/Xlibint.h @@ -63,6 +63,7 @@ from The Open Group. * Warning, there be dragons here.... */ +#include <stdint.h> #include <nx-X11/Xlib.h> #include <nx-X11/Xproto.h> /* to declare xEvent */ #include <nx-X11/XlibConf.h> /* for configured options like XTHREADS */ @@ -231,10 +232,122 @@ struct _XDisplay XGenericEventCookie * /* in */, XGenericEventCookie * /* out*/); void *cookiejar; /* cookie events returned but not claimed */ +#ifndef LONG64 + unsigned long last_request_read_upper32bit; + unsigned long request_upper32bit; +#endif }; #define XAllocIDs(dpy,ids,n) (*(dpy)->idlist_alloc)(dpy,ids,n) +/* + * access "last_request_read" and "request" with 64bit + * warning: the value argument of the SET-macros must not + * have any side-effects because it may get called twice. + */ +#ifndef LONG64 +/* accessors for 32-bit unsigned long */ + +#define X_DPY_GET_REQUEST(dpy) \ + ( \ + ((uint64_t)(((struct _XDisplay*)dpy)->request)) \ + + (((uint64_t)(((struct _XDisplay*)dpy)->request_upper32bit)) << 32) \ + ) + +#define X_DPY_SET_REQUEST(dpy, value) \ + ( \ + (((struct _XDisplay*)dpy)->request = \ + (value) & 0xFFFFFFFFUL), \ + (((struct _XDisplay*)dpy)->request_upper32bit = \ + ((uint64_t)(value)) >> 32), \ + (void)0 /* don't use the result */ \ + ) + +#define X_DPY_GET_LAST_REQUEST_READ(dpy) \ + ( \ + ((uint64_t)(((struct _XDisplay*)dpy)->last_request_read)) \ + + ( \ + ((uint64_t)( \ + ((struct _XDisplay*)dpy)->last_request_read_upper32bit \ + )) << 32 \ + ) \ + ) + +#define X_DPY_SET_LAST_REQUEST_READ(dpy, value) \ + ( \ + (((struct _XDisplay*)dpy)->last_request_read = \ + (value) & 0xFFFFFFFFUL), \ + (((struct _XDisplay*)dpy)->last_request_read_upper32bit = \ + ((uint64_t)(value)) >> 32), \ + (void)0 /* don't use the result */ \ + ) + +/* + * widen a 32-bit sequence number to a 64 sequence number. + * This macro makes the following assumptions: + * - ulseq refers to a sequence that has already been sent + * - ulseq means the most recent possible sequence number + * with these lower 32 bits. + * + * The following optimization is used: + * The comparison result is taken a 0 or 1 to avoid a branch. + */ +#define X_DPY_WIDEN_UNSIGNED_LONG_SEQ(dpy, ulseq) \ + ( \ + ((uint64_t)ulseq) \ + + \ + (( \ + ((uint64_t)(((struct _XDisplay*)dpy)->request_upper32bit)) \ + - (uint64_t)( \ + (ulseq) > (((struct _XDisplay*)dpy)->request) \ + ) \ + ) << 32) \ + ) + +#define X_DPY_REQUEST_INCREMENT(dpy) \ + ( \ + ((struct _XDisplay*)dpy)->request++, \ + ( \ + (((struct _XDisplay*)dpy)->request == 0) ? ( \ + ((struct _XDisplay*)dpy)->request_upper32bit++ \ + ) : 0 \ + ), \ + (void)0 /* don't use the result */ \ + ) + + +#define X_DPY_REQUEST_DECREMENT(dpy) \ + ( \ + ( \ + (((struct _XDisplay*)dpy)->request == 0) ? (\ + ((struct _XDisplay*)dpy)->request--, /* wrap */ \ + ((struct _XDisplay*)dpy)->request_upper32bit-- \ + ) : ( \ + ((struct _XDisplay*)dpy)->request-- \ + ) \ + ), \ + (void)0 /* don't use the result */ \ + ) + +#else +/* accessors for 64-bit unsigned long */ +#define X_DPY_GET_REQUEST(dpy) \ + (((struct _XDisplay*)dpy)->request) +#define X_DPY_SET_REQUEST(dpy, value) \ + ((struct _XDisplay*)dpy)->request = (value) + +#define X_DPY_GET_LAST_REQUEST_READ(dpy) \ + (((struct _XDisplay*)dpy)->last_request_read) +#define X_DPY_SET_LAST_REQUEST_READ(dpy, value) \ + ((struct _XDisplay*)dpy)->last_request_read = (value) + +#define X_DPY_WIDEN_UNSIGNED_LONG_SEQ(dpy, ulseq) ulseq + +#define X_DPY_REQUEST_INCREMENT(dpy) ((struct _XDisplay*)dpy)->request++ +#define X_DPY_REQUEST_DECREMENT(dpy) ((struct _XDisplay*)dpy)->request-- +#endif + + #ifndef _XEVENT_ /* * _QEvent datatype for use in input queueing. @@ -484,12 +597,13 @@ extern void *_XGetRequest(Display *dpy, CARD8 type, size_t len); * GetEmptyReq is for those requests that have no arguments * at all. */ + #define GetEmptyReq(name, req) \ req = (xReq *) _XGetRequest(dpy, X_##name, SIZEOF(xReq)) /* * MakeBigReq sets the CARD16 "req->length" to 0 and inserts a new CARD32 - * length, after req->length, before the data in the request. The new length + * length, after req->length, before the data in the request. The new length * includes the "n" extra 32-bit words. * * Do not use MakeBigReq if there is no data already in the request. @@ -524,7 +638,7 @@ extern void *_XGetRequest(Display *dpy, CARD8 type, size_t len); * or by "badlen" if "n" is too large. * * Do not use SetReqLen if "req" does not already have data after the - * xReq header. req->length must already be >= 2. + * xReq header. req->length must already be >= 2. */ #ifndef __clang_analyzer__ #define SetReqLen(req,n,badlen) \ @@ -563,7 +677,7 @@ extern void _XFlushGCCache(Display *dpy, GC gc); dpy->bufptr += ((len) + 3) & ~3;\ } else\ _XSend(dpy, data, len);\ - } +} #endif /* DataRoutineIsProcedure */ @@ -701,6 +815,11 @@ typedef struct _XInternalAsync { XPointer data; } _XAsyncHandler; +/* + * This struct is part of the ABI and is defined by value + * in user-code. This means that we cannot make + * the sequence-numbers 64bit. + */ typedef struct _XAsyncEState { unsigned long min_sequence_number; unsigned long max_sequence_number; diff --git a/nx-X11/lib/modules/im/ximcp/imCallbk.c b/nx-X11/lib/modules/im/ximcp/imCallbk.c index 4e091d8ef..ead0806c6 100644 --- a/nx-X11/lib/modules/im/ximcp/imCallbk.c +++ b/nx-X11/lib/modules/im/ximcp/imCallbk.c @@ -624,16 +624,16 @@ _XimPreeditCaretCallback(Xim im, */ { CARD8 buf[sz_ximPacketHeader + sz_ximPreeditCaretReply]; - INT16 len = sz_XIMID + sz_XICID + sz_ximPreeditCaretReply; + INT16 rlen = sz_XIMID + sz_XICID + sz_ximPreeditCaretReply; int p; - _XimSetHeader((XPointer)buf, XIM_PREEDIT_CARET_REPLY, 0, &len); + _XimSetHeader((XPointer)buf, XIM_PREEDIT_CARET_REPLY, 0, &rlen); p = XIM_HEADER_SIZE; *(CARD16*)&buf[p] = (CARD16)im->private.proto.imid; p += sz_CARD16; *(CARD16*)&buf[p] = (CARD16)ic->private.proto.icid; p += sz_CARD16; *(CARD32*)&buf[p] = (CARD32)cbs.position; - if (!(_XimWriteData(im, len, buf))) { + if (!(_XimWriteData(im, rlen, buf))) { return XimCbError; } _XimFlushData(im); diff --git a/nx-X11/lib/modules/im/ximcp/imDefIc.c b/nx-X11/lib/modules/im/ximcp/imDefIc.c index 3cf46827a..30c2d0136 100644 --- a/nx-X11/lib/modules/im/ximcp/imDefIc.c +++ b/nx-X11/lib/modules/im/ximcp/imDefIc.c @@ -231,10 +231,9 @@ _XimReCreateIC(ic) _XimRegisterFilter(ic); MARK_IC_CONNECTED(ic); - if (save_ic->private.proto.ic_resources) - Xfree(save_ic->private.proto.ic_resources); - if (save_ic->private.proto.ic_inner_resources) - Xfree(save_ic->private.proto.ic_inner_resources); + + Xfree(save_ic->private.proto.ic_resources); + Xfree(save_ic->private.proto.ic_inner_resources); Xfree(save_ic); return True; @@ -833,7 +832,7 @@ _XimDestroyICCheck( && (imid == im->private.proto.imid) && (buf_s[2] & XIM_ICID_VALID) && (icid == ic->private.proto.icid)) - ret = False; + ret = False; return ret; } @@ -845,22 +844,22 @@ _XimProtoICFree( Xim im = (Xim)ic->core.im; #endif - if (ic->private.proto.preedit_font) { - Xfree(ic->private.proto.preedit_font); - ic->private.proto.preedit_font = NULL; - } - if (ic->private.proto.status_font) { - Xfree(ic->private.proto.status_font); - ic->private.proto.status_font = NULL; - } + + Xfree(ic->private.proto.preedit_font); + ic->private.proto.preedit_font = NULL; + + + Xfree(ic->private.proto.status_font); + ic->private.proto.status_font = NULL; + if (ic->private.proto.commit_info) { _XimFreeCommitInfo(ic); ic->private.proto.commit_info = NULL; } - if (ic->private.proto.ic_inner_resources) { - Xfree(ic->private.proto.ic_inner_resources); - ic->private.proto.ic_inner_resources = NULL; - } + + Xfree(ic->private.proto.ic_inner_resources); + ic->private.proto.ic_inner_resources = NULL; + #ifdef XIM_CONNECTABLE if (IS_SERVER_CONNECTED(im) && IS_RECONNECTABLE(im)) { @@ -868,18 +867,16 @@ _XimProtoICFree( } #endif /* XIM_CONNECTABLE */ - if (ic->private.proto.saved_icvalues) { - Xfree(ic->private.proto.saved_icvalues); - ic->private.proto.saved_icvalues = NULL; - } - if (ic->private.proto.ic_resources) { - Xfree(ic->private.proto.ic_resources); - ic->private.proto.ic_resources = NULL; - } - if (ic->core.hotkey) { - Xfree(ic->core.hotkey); - ic->core.hotkey = NULL; - } + Xfree(ic->private.proto.saved_icvalues); + ic->private.proto.saved_icvalues = NULL; + + + Xfree(ic->private.proto.ic_resources); + ic->private.proto.ic_resources = NULL; + + + Xfree(ic->core.hotkey); + ic->core.hotkey = NULL; return; } @@ -927,6 +924,30 @@ _XimProtoDestroyIC( return; } +/* + * Some functions require the request queue from the server to be flushed + * so that the ordering of client initiated status changes and those requested + * by the server is well defined. + * _XimSync() would be the function of choice here as it should get a + * XIM_SYNC_REPLY back from the server. + * This however isn't implemented in the piece of junk that is used by most + * input servers as the server side protocol if to XIM. + * Since this code is not shipped as a library together with the client side + * XIM code but is duplicated by every input server around the world there + * is no easy fix to this but this ugly hack below. + * Obtaining an IC value from the server sends a request and empties out the + * event/server request queue until the answer to this request is found. + * Thus it is guaranteed that any pending server side request gets processed. + * This is what the hack below is doing. + */ + +static void +BrokenSyncWithServer(XIC xic) +{ + CARD32 dummy; + XGetICValues(xic, XNFilterEvents, &dummy, NULL); +} + static void _XimProtoSetFocus( XIC xic) @@ -957,6 +978,7 @@ _XimProtoSetFocus( } } #endif /* XIM_CONNECTABLE */ + BrokenSyncWithServer(xic); buf_s[0] = im->private.proto.imid; /* imid */ buf_s[1] = ic->private.proto.icid; /* icid */ @@ -1003,6 +1025,8 @@ _XimProtoUnsetFocus( } #endif /* XIM_CONNECTABLE */ + BrokenSyncWithServer(xic); + buf_s[0] = im->private.proto.imid; /* imid */ buf_s[1] = ic->private.proto.icid; /* icid */ diff --git a/nx-X11/lib/modules/im/ximcp/imInsClbk.c b/nx-X11/lib/modules/im/ximcp/imInsClbk.c index 3ae6b1bd7..214e0a9af 100644 --- a/nx-X11/lib/modules/im/ximcp/imInsClbk.c +++ b/nx-X11/lib/modules/im/ximcp/imInsClbk.c @@ -108,7 +108,7 @@ _XimFilterPropertyNotify( } lock = True; - for( ii = 0; ii < nitems; ii++, atoms ) { + for( ii = 0; ii < nitems; ii++ ) { if(XGetSelectionOwner (display, atoms[ii])) { for( icb = callback_list; icb; icb = icb->next ) { if( !icb->call && !icb->destroy ) { diff --git a/nx-X11/lib/modules/im/ximcp/imLcIm.c b/nx-X11/lib/modules/im/ximcp/imLcIm.c index b3662bc96..41d4fb3fa 100644 --- a/nx-X11/lib/modules/im/ximcp/imLcIm.c +++ b/nx-X11/lib/modules/im/ximcp/imLcIm.c @@ -82,8 +82,8 @@ struct _XimCacheStruct { DTCharIndex mbused; DTCharIndex wcused; DTCharIndex utf8used; - char fname[1]; - /* char encoding[1] */ + char fname[]; + /* char encoding[] */ }; static struct _XimCacheStruct* _XimCache_mmap = NULL; @@ -281,7 +281,7 @@ _XimReadCachedDefaultTree( assert (m->id == XIM_CACHE_MAGIC); assert (m->version == XIM_CACHE_VERSION); if (size != m->size || - size < XOffsetOf (struct _XimCacheStruct, fname) + namelen + encodinglen) { + size < sizeof (struct _XimCacheStruct) + namelen + encodinglen) { fprintf (stderr, "Ignoring broken XimCache %s [%s]\n", name, encoding); munmap (m, size); return False; @@ -442,7 +442,7 @@ _XimWriteCachedDefaultTree( int fd; FILE *fp; struct _XimCacheStruct *m; - int msize = (XOffsetOf(struct _XimCacheStruct, fname) + int msize = (sizeof(struct _XimCacheStruct) + strlen(name) + strlen(encoding) + 2 + XIM_CACHE_TREE_ALIGNMENT-1) & -XIM_CACHE_TREE_ALIGNMENT; DefTreeBase *b = &im->private.local.base; diff --git a/nx-X11/lib/modules/im/ximcp/imLcLkup.c b/nx-X11/lib/modules/im/ximcp/imLcLkup.c index 878b8e350..ac9a1705c 100644 --- a/nx-X11/lib/modules/im/ximcp/imLcLkup.c +++ b/nx-X11/lib/modules/im/ximcp/imLcLkup.c @@ -61,8 +61,8 @@ _XimLocalMbLookupString(XIC xic, XKeyEvent *ev, char *buffer, int bytes, ||(ic->private.local.brl_committed != 0))) { if (ic->private.local.brl_committed != 0) { /* Braille Event */ unsigned char pattern = ic->private.local.brl_committed; - char mb[XLC_PUBLIC(ic->core.im->core.lcd, mb_cur_max)]; - ret = _Xlcwctomb(ic->core.im->core.lcd, mb, BRL_UC_ROW | pattern); + char mb2[XLC_PUBLIC(ic->core.im->core.lcd, mb_cur_max)]; + ret = _Xlcwctomb(ic->core.im->core.lcd, mb2, BRL_UC_ROW | pattern); if(ret > bytes) { if(status) *status = XBufferOverflow; return(ret); @@ -74,7 +74,7 @@ _XimLocalMbLookupString(XIC xic, XKeyEvent *ev, char *buffer, int bytes, } else { if(status) *status = XLookupChars; } - memcpy(buffer, mb, ret); + memcpy(buffer, mb2, ret); } else { if(keysym) { if(status) *status = XLookupKeySym; diff --git a/nx-X11/lib/modules/om/generic/omGeneric.c b/nx-X11/lib/modules/om/generic/omGeneric.c index 68eec01c0..ec612d379 100644 --- a/nx-X11/lib/modules/om/generic/omGeneric.c +++ b/nx-X11/lib/modules/om/generic/omGeneric.c @@ -1617,15 +1617,14 @@ free_fontdataOM( FontData font_data, int font_data_count) { + if (!font_data) + return; + for( ; font_data_count-- ; font_data++) { - if(font_data->name){ Xfree(font_data->name); font_data->name = NULL; - } - if(font_data->scopes){ Xfree(font_data->scopes); font_data->scopes = NULL; - } } } @@ -1639,51 +1638,41 @@ close_om( if ((data = gen->data)) { for (count = gen->data_num; count-- > 0; data++) { - if (data->charset_list){ Xfree(data->charset_list); data->charset_list = NULL; - } + /* free font_data for om */ - if (data->font_data) { free_fontdataOM(data->font_data,data->font_data_count); Xfree(data->font_data); data->font_data = NULL; - } + /* free substitute for om */ - if (data->substitute) { free_fontdataOM(data->substitute,data->substitute_num); Xfree(data->substitute); data->substitute = NULL; - } + /* free vmap for om */ - if (data->vmap) { free_fontdataOM(data->vmap,data->vmap_num); Xfree(data->vmap); data->vmap = NULL; - } + /* free vrotate for om */ - if (data->vrotate) { Xfree(data->vrotate); data->vrotate = NULL; - } } Xfree(gen->data); gen->data = NULL; } - if (gen->object_name){ Xfree(gen->object_name); gen->object_name = NULL; - } - if (om->core.res_name){ Xfree(om->core.res_name); om->core.res_name = NULL; - } - if (om->core.res_class){ + Xfree(om->core.res_class); om->core.res_class = NULL; - } + if (om->core.required_charset.charset_list && om->core.required_charset.charset_count > 0){ XFreeStringList(om->core.required_charset.charset_list); @@ -1692,10 +1681,9 @@ close_om( Xfree((char*)om->core.required_charset.charset_list); om->core.required_charset.charset_list = NULL; } - if (om->core.orientation_list.orientation){ + Xfree(om->core.orientation_list.orientation); om->core.orientation_list.orientation = NULL; - } Xfree(om); diff --git a/nx-X11/lib/src/DisName.c b/nx-X11/lib/src/DisName.c index 87a1e2f0e..5a90ab34f 100644 --- a/nx-X11/lib/src/DisName.c +++ b/nx-X11/lib/src/DisName.c @@ -60,5 +60,5 @@ XDisplayName( return( (char *)display ); if ( (d = getenv( "DISPLAY" )) != (char *)NULL ) return( d ); - return( "" ); + return( (char *) "" ); } diff --git a/nx-X11/lib/src/FSWrap.c b/nx-X11/lib/src/FSWrap.c index 015965779..1b244f43c 100644 --- a/nx-X11/lib/src/FSWrap.c +++ b/nx-X11/lib/src/FSWrap.c @@ -195,7 +195,7 @@ XCreateFontSet ( if (oc && def_string) { *def_string = oc->core.default_string; if (!*def_string) - *def_string = ""; + *def_string = (char *)""; } if (oc == NULL) diff --git a/nx-X11/lib/src/FontNames.c b/nx-X11/lib/src/FontNames.c index 9ffdfd299..ec7d90fa2 100644 --- a/nx-X11/lib/src/FontNames.c +++ b/nx-X11/lib/src/FontNames.c @@ -88,24 +88,16 @@ int *actualCount) /* RETURN */ * unpack into null terminated strings. */ chstart = ch; - chend = ch + (rlen + 1); + chend = ch + rlen; length = *(unsigned char *)ch; *ch = 1; /* make sure it is non-zero for XFreeFontNames */ for (i = 0; i < rep.nFonts; i++) { if (ch + length < chend) { flist[i] = ch + 1; /* skip over length */ ch += length + 1; /* find next length ... */ - if (ch <= chend) { - length = *(unsigned char *)ch; - *ch = '\0'; /* and replace with null-termination */ - count++; - } else { - Xfree(chstart); - Xfree(flist); - flist = NULL; - count = 0; - break; - } + length = *(unsigned char *)ch; + *ch = '\0'; /* and replace with null-termination */ + count++; } else { Xfree(chstart); Xfree(flist); diff --git a/nx-X11/lib/src/GetFPath.c b/nx-X11/lib/src/GetFPath.c index 3d87e4f64..87d257615 100644 --- a/nx-X11/lib/src/GetFPath.c +++ b/nx-X11/lib/src/GetFPath.c @@ -69,15 +69,20 @@ char **XGetFontPath( /* * unpack into null terminated strings. */ - chend = ch + (nbytes + 1); - length = *ch; + chend = ch + nbytes; + length = *(unsigned char *)ch; for (i = 0; i < rep.nPaths; i++) { if (ch + length < chend) { flist[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - length = *ch; + length = *(unsigned char *)ch; *ch = '\0'; /* and replace with null-termination */ count++; + } else if (i == 0) { + Xfree(flist); + Xfree(ch); + flist = NULL; + break; } else flist[i] = NULL; } diff --git a/nx-X11/lib/src/GetImage.c b/nx-X11/lib/src/GetImage.c index d80f6715f..96d9ce337 100644 --- a/nx-X11/lib/src/GetImage.c +++ b/nx-X11/lib/src/GetImage.c @@ -105,14 +105,16 @@ XImage *XGetImage ( planes = 1; } - if (!image) + if (!image) { Xfree(data); - if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || - INT_MAX / image->height <= image->bytes_per_line || - INT_MAX / planes <= image->height * image->bytes_per_line || - nbytes < planes * image->height * image->bytes_per_line) { - XDestroyImage(image); - image = NULL; + } else { + if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || + INT_MAX / image->height <= image->bytes_per_line || + INT_MAX / planes <= image->height * image->bytes_per_line || + nbytes < planes * image->height * image->bytes_per_line) { + XDestroyImage(image); + image = NULL; + } } UnlockDisplay(dpy); SyncHandle(); diff --git a/nx-X11/lib/src/LiHosts.c b/nx-X11/lib/src/LiHosts.c index 29c36ffb5..315e4dbb4 100644 --- a/nx-X11/lib/src/LiHosts.c +++ b/nx-X11/lib/src/LiHosts.c @@ -119,11 +119,16 @@ XHostAddress *XListHosts ( _XRead (dpy, (char *) buf, nbytes); for (i = 0; i < reply.nHosts; i++) { + if (bp > buf + nbytes - SIZEOF(xHostEntry)) + goto fail; op->family = ((xHostEntry *) bp)->family; op->length =((xHostEntry *) bp)->length; if (op->family == FamilyServerInterpreted) { char *tp = (char *) (bp + SIZEOF(xHostEntry)); - char *vp = memchr(tp, 0, op->length); + char *vp; + if (tp > (char *) (buf + nbytes - op->length)) + goto fail; + vp = memchr(tp, 0, op->length); if (vp != NULL) { sip->type = tp; @@ -138,6 +143,8 @@ XHostAddress *XListHosts ( sip++; } else { op->address = (char *) (bp + SIZEOF(xHostEntry)); + if (op->address > (char *) (buf + nbytes - op->length)) + goto fail; } bp += SIZEOF(xHostEntry) + (((op->length + 3) >> 2) << 2); op++; @@ -149,9 +156,9 @@ XHostAddress *XListHosts ( UnlockDisplay(dpy); SyncHandle(); return (outbuf); +fail: + *enabled = reply.enabled; + *nhosts = 0; + Xfree(outbuf); + return (NULL); } - - - - - diff --git a/nx-X11/lib/src/ListExt.c b/nx-X11/lib/src/ListExt.c index 7fdf9932c..a795041d0 100644 --- a/nx-X11/lib/src/ListExt.c +++ b/nx-X11/lib/src/ListExt.c @@ -74,19 +74,20 @@ char **XListExtensions( /* * unpack into null terminated strings. */ - chend = ch + (rlen + 1); - length = *ch; + chend = ch + rlen; + length = *(unsigned char *)ch; for (i = 0; i < rep.nExtensions; i++) { if (ch + length < chend) { list[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - if (ch <= chend) { - length = *ch; - *ch = '\0'; /* and replace with null-termination */ - count++; - } else { - list[i] = NULL; - } + length = *(unsigned char *)ch; + *ch = '\0'; /* and replace with null-termination */ + count++; + } else if (i == 0) { + Xfree(list); + Xfree(ch); + list = NULL; + break; } else list[i] = NULL; } diff --git a/nx-X11/lib/src/SetHints.c b/nx-X11/lib/src/SetHints.c index eed360f46..db5e7527e 100644 --- a/nx-X11/lib/src/SetHints.c +++ b/nx-X11/lib/src/SetHints.c @@ -211,7 +211,7 @@ XSetCommand ( int argc) { register int i; - register int nbytes; + size_t nbytes; register char *buf, *bp; for (i = 0, nbytes = 0; i < argc; i++) { nbytes += safestrlen(argv[i]) + 1; @@ -295,7 +295,7 @@ XSetClassHint( { char *class_string; char *s; - int len_nm, len_cl; + size_t len_nm, len_cl; len_nm = safestrlen(classhint->res_name); len_cl = safestrlen(classhint->res_class); diff --git a/nx-X11/lib/src/StColor.c b/nx-X11/lib/src/StColor.c index d5a217fb0..221fae136 100644 --- a/nx-X11/lib/src/StColor.c +++ b/nx-X11/lib/src/StColor.c @@ -50,6 +50,7 @@ XStoreColor( citem->green = def->green; citem->blue = def->blue; citem->flags = def->flags; /* do_red, do_green, do_blue */ + citem->pad = 0; UnlockDisplay(dpy); diff --git a/nx-X11/lib/src/StColors.c b/nx-X11/lib/src/StColors.c index 17a215cc0..fa1814c8e 100644 --- a/nx-X11/lib/src/StColors.c +++ b/nx-X11/lib/src/StColors.c @@ -53,6 +53,7 @@ XStoreColors( citem.green = defs[i].green; citem.blue = defs[i].blue; citem.flags = defs[i].flags; + citem.pad = 0; /* note that xColorItem doesn't contain all 16-bit quantities, so we can't use Data16 */ diff --git a/nx-X11/lib/src/StrKeysym.c b/nx-X11/lib/src/StrKeysym.c index 125aceca3..d7a9b7566 100644 --- a/nx-X11/lib/src/StrKeysym.c +++ b/nx-X11/lib/src/StrKeysym.c @@ -115,7 +115,7 @@ XStringToKeysym(_Xconst char *s) { XrmValue result; XrmRepresentation from_type; - char c; + char d; XrmQuark names[2]; names[0] = _XrmInternalStringToQuark(s, p - s - 1, sig, False); @@ -126,10 +126,10 @@ XStringToKeysym(_Xconst char *s) val = 0; for (i = 0; i < result.size - 1; i++) { - c = ((char *)result.addr)[i]; - if ('0' <= c && c <= '9') val = (val<<4)+c-'0'; - else if ('a' <= c && c <= 'f') val = (val<<4)+c-'a'+10; - else if ('A' <= c && c <= 'F') val = (val<<4)+c-'A'+10; + d = ((char *)result.addr)[i]; + if ('0' <= d && d <= '9') val = (val<<4)+d-'0'; + else if ('a' <= d && d <= 'f') val = (val<<4)+d-'a'+10; + else if ('A' <= d && d <= 'F') val = (val<<4)+d-'A'+10; else return NoSymbol; } return val; diff --git a/nx-X11/lib/src/XlibInt.c b/nx-X11/lib/src/XlibInt.c index 5afc65149..119126d3d 100644 --- a/nx-X11/lib/src/XlibInt.c +++ b/nx-X11/lib/src/XlibInt.c @@ -836,8 +836,12 @@ _XWaitForReadable( static int sync_hazard(Display *dpy) { - unsigned long span = dpy->request - dpy->last_request_read; - unsigned long hazard = min((dpy->bufmax - dpy->buffer) / SIZEOF(xReq), 65535 - 10); + /* + * "span" and "hazard" need to be signed such that the ">=" comparision + * works correctly in the case that hazard is greater than 65525 + */ + int64_t span = X_DPY_GET_REQUEST(dpy) - X_DPY_GET_LAST_REQUEST_READ(dpy); + int64_t hazard = min((dpy->bufmax - dpy->buffer) / SIZEOF(xReq), 65535 - 10); return span >= 65535 - hazard - 10; } @@ -876,7 +880,7 @@ void _XSeqSyncFunction( return; } #endif /* NX_TRANS_SOCKET */ - if ((dpy->request - dpy->last_request_read) >= (65535 - BUFSIZE/SIZEOF(xReq))) { + if ((X_DPY_GET_REQUEST(dpy) - X_DPY_GET_LAST_REQUEST_READ(dpy)) >= (65535 - BUFSIZE/SIZEOF(xReq))) { GetEmptyReq(GetInputFocus, req); (void) _XReply (dpy, (xReply *)&rep, 0, xTrue); sync_while_locked(dpy); @@ -2072,9 +2076,9 @@ _XSetLastRequestRead( register Display *dpy, register xGenericReply *rep) { - register unsigned long newseq, lastseq; + register uint64_t newseq, lastseq; - lastseq = dpy->last_request_read; + lastseq = X_DPY_GET_LAST_REQUEST_READ(dpy); /* * KeymapNotify has no sequence number, but is always guaranteed * to immediately follow another event, except when generated via @@ -2083,30 +2087,31 @@ _XSetLastRequestRead( if ((rep->type & 0x7f) == KeymapNotify) return(lastseq); - newseq = (lastseq & ~((unsigned long)0xffff)) | rep->sequenceNumber; + newseq = (lastseq & ~((uint64_t)0xffff)) | rep->sequenceNumber; if (newseq < lastseq) { newseq += 0x10000; - if (newseq > dpy->request) { + if (newseq > X_DPY_GET_REQUEST(dpy)) { #ifdef NX_TRANS_SOCKET if (_NXLostSequenceFunction != NULL) - { - (*_NXLostSequenceFunction)(dpy, newseq, dpy->request, - (unsigned int) rep->type); - } - else + { + (*_NXLostSequenceFunction)(dpy, newseq, X_DPY_GET_REQUEST(dpy), + (unsigned int) rep->type); + } + else #endif /* #ifdef NX_TRANS_SOCKET */ - { - (void) fprintf (stderr, - "Xlib: sequence lost (0x%lx > 0x%lx) in reply type 0x%x!\n", - newseq, dpy->request, - (unsigned int) rep->type); - } + { + (void) fprintf (stderr, + "Xlib: sequence lost (0x%llx > 0x%llx) in reply type 0x%x!\n", + (unsigned long long)newseq, + (unsigned long long)(X_DPY_GET_REQUEST(dpy)), + (unsigned int) rep->type); + } newseq -= 0x10000; } } - dpy->last_request_read = newseq; + X_DPY_SET_LAST_REQUEST_READ(dpy, newseq); return(newseq); } @@ -2652,8 +2657,8 @@ XAddConnectionWatch( /* allocate new watch data */ for (info_list=dpy->im_fd_info; info_list; info_list=info_list->next) { - wd_array = Xrealloc(info_list->watch_data, - (dpy->watcher_count + 1) * sizeof(XPointer)); + wd_array = Xrealloc(info_list->watch_data, + (dpy->watcher_count + 1) * sizeof(XPointer)); if (!wd_array) { UnlockDisplay(dpy); return 0; @@ -2921,15 +2926,12 @@ void _XEnq( /* If dpy->qfree is non-NULL do this, else malloc a new one. */ dpy->qfree = qelt->next; } - else if ((qelt = Xmalloc(sizeof(_XQEvent))) == NULL) { + else if ((qelt = Xmalloc(sizeof(_XQEvent))) == NULL) { /* Malloc call failed! */ ESET(ENOMEM); -#ifdef NX_TRANS_SOCKET _XIOError(dpy); - +#ifdef NX_TRANS_SOCKET return; -#else - _XIOError(dpy); #endif } qelt->next = NULL; @@ -3590,10 +3592,10 @@ static int _XPrintDefaultError( mesg, BUFSIZ); fputs(" ", fp); (void) fprintf(fp, mesg, event->serial); - XGetErrorDatabaseText(dpy, mtype, "CurrentSerial", "Current Serial #%d", + XGetErrorDatabaseText(dpy, mtype, "CurrentSerial", "Current Serial #%lld", mesg, BUFSIZ); fputs("\n ", fp); - (void) fprintf(fp, mesg, dpy->request); + (void) fprintf(fp, mesg, (unsigned long long)(X_DPY_GET_REQUEST(dpy))); fputs("\n", fp); if (event->error_code == BadImplementation) return 0; return 1; @@ -3658,17 +3660,17 @@ int _XError ( return 0; if (_XErrorFunction != NULL) { int rtn_val; -#if defined(XTHREADS) && !USE_XCB +#ifdef XTHREADS if (dpy->lock) (*dpy->lock->user_lock_display)(dpy); UnlockDisplay(dpy); -#endif /* XTHREADS && !USE_XCB */ +#endif rtn_val = (*_XErrorFunction)(dpy, (XErrorEvent *)&event); /* upcall */ -#if defined(XTHREADS) && !USE_XCB +#ifdef XTHREADS LockDisplay(dpy); if (dpy->lock) (*dpy->lock->user_unlock_display)(dpy); -#endif /* XTHREADS && !USE_XCB */ +#endif return rtn_val; } else { return _XDefaultError(dpy, (XErrorEvent *)&event); @@ -3978,20 +3980,20 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) xReq *req; if (dpy->bufptr + len > dpy->bufmax) - _XFlush(dpy); + _XFlush(dpy); /* Request still too large, so do not allow it to overflow. */ if (dpy->bufptr + len > dpy->bufmax) { - fprintf(stderr, - "Xlib: request %d length %zd would exceed buffer size.\n", - type, len); - /* Changes failure condition from overflow to NULL dereference. */ - return NULL; + fprintf(stderr, + "Xlib: request %d length %zd would exceed buffer size.\n", + type, len); + /* Changes failure condition from overflow to NULL dereference. */ + return NULL; } if (len % 4) - fprintf(stderr, - "Xlib: request %d length %zd not a multiple of 4.\n", - type, len); + fprintf(stderr, + "Xlib: request %d length %zd not a multiple of 4.\n", + type, len); dpy->last_req = dpy->bufptr; @@ -3999,7 +4001,7 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) req->reqType = type; req->length = len / 4; dpy->bufptr += len; - dpy->request++; + X_DPY_REQUEST_INCREMENT(dpy); return req; } diff --git a/nx-X11/lib/src/xcms/LRGB.c b/nx-X11/lib/src/xcms/LRGB.c index 38cc6cfb4..4bfa3cfb1 100644 --- a/nx-X11/lib/src/xcms/LRGB.c +++ b/nx-X11/lib/src/xcms/LRGB.c @@ -795,6 +795,9 @@ LINEAR_RGB_InitSCCData( return(XcmsSuccess); +FreeBlueTblElements: + Xfree(pScreenData->pBlueTbl->pBase); + FreeBlueTbl: Xfree(pScreenData->pBlueTbl); diff --git a/nx-X11/lib/src/xcms/cmsColNm.c b/nx-X11/lib/src/xcms/cmsColNm.c index c6f1e0f31..829749112 100644 --- a/nx-X11/lib/src/xcms/cmsColNm.c +++ b/nx-X11/lib/src/xcms/cmsColNm.c @@ -314,7 +314,7 @@ field2( /* Find Field 1 */ while (!isgraph(*pBuf)) { - if ((*pBuf != '\n') || (*pBuf != '\0')) { + if ((*pBuf == '\n') || (*pBuf == '\0')) { return(XcmsFailure); } if (isspace(*pBuf) || (*pBuf == delim)) { diff --git a/nx-X11/lib/src/xcms/cmsLkCol.c b/nx-X11/lib/src/xcms/cmsLkCol.c index 15e987424..a81c4cbf0 100644 --- a/nx-X11/lib/src/xcms/cmsLkCol.c +++ b/nx-X11/lib/src/xcms/cmsLkCol.c @@ -76,7 +76,8 @@ XcmsLookupColor ( register int n; xLookupColorReply reply; register xLookupColorReq *req; - XColor def, scr; + XColor def = {0,}; + XColor scr = {0,}; /* * 0. Check for invalid arguments. diff --git a/nx-X11/lib/src/xcms/cmsProp.c b/nx-X11/lib/src/xcms/cmsProp.c index a7aa5b5c5..cb7bd10c6 100644 --- a/nx-X11/lib/src/xcms/cmsProp.c +++ b/nx-X11/lib/src/xcms/cmsProp.c @@ -142,6 +142,7 @@ _XcmsGetProperty( if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) { /* the property does not exist or is of an unexpected type or getting window property failed */ + XFree (prop_ret); return(XcmsFailure); } diff --git a/nx-X11/lib/src/xkb/XKBAlloc.c b/nx-X11/lib/src/xkb/XKBAlloc.c index 9c3430c1a..5621f713a 100644 --- a/nx-X11/lib/src/xkb/XKBAlloc.c +++ b/nx-X11/lib/src/xkb/XKBAlloc.c @@ -216,24 +216,22 @@ XkbFreeNames(XkbDescPtr xkb, unsigned which, Bool freeMap) type = map->types; for (i = 0; i < map->num_types; i++, type++) { - if (type->level_names != NULL) { _XkbFree(type->level_names); type->level_names = NULL; - } } } } - if ((which & XkbKeyNamesMask) && (names->keys != NULL)) { + if (which & XkbKeyNamesMask) { _XkbFree(names->keys); names->keys = NULL; names->num_keys = 0; } - if ((which & XkbKeyAliasesMask) && (names->key_aliases)) { + if (which & XkbKeyAliasesMask) { _XkbFree(names->key_aliases); names->key_aliases = NULL; names->num_key_aliases = 0; } - if ((which & XkbRGNamesMask) && (names->radio_groups)) { + if (which & XkbRGNamesMask) { _XkbFree(names->radio_groups); names->radio_groups = NULL; names->num_rg = 0; diff --git a/nx-X11/lib/src/xlibi18n/lcCT.c b/nx-X11/lib/src/xlibi18n/lcCT.c index 6e3f21e92..a2ff93c8a 100644 --- a/nx-X11/lib/src/xlibi18n/lcCT.c +++ b/nx-X11/lib/src/xlibi18n/lcCT.c @@ -1021,19 +1021,19 @@ cstoct( ) { while (csstr_len > 0 && ct_len > 0) { unsigned char ch = * (const unsigned char *) csptr; - int char_size = (ch < 0xc0 ? 1 : + int ch_size = (ch < 0xc0 ? 1 : ch < 0xe0 ? 2 : ch < 0xf0 ? 3 : ch < 0xf8 ? 4 : ch < 0xfc ? 5 : 6); int i; - if (!(csstr_len >= char_size && ct_len >= char_size)) + if (!(csstr_len >= ch_size && ct_len >= ch_size)) break; - for (i = char_size; i > 0; i--) + for (i = ch_size; i > 0; i--) *ctptr++ = *csptr++; - csstr_len -= char_size; - ct_len -= char_size; + csstr_len -= ch_size; + ct_len -= ch_size; } } else { while (csstr_len > 0 && ct_len > 0) { diff --git a/nx-X11/lib/src/xlibi18n/lcDB.c b/nx-X11/lib/src/xlibi18n/lcDB.c index cc14bed72..eb46f8fbd 100644 --- a/nx-X11/lib/src/xlibi18n/lcDB.c +++ b/nx-X11/lib/src/xlibi18n/lcDB.c @@ -781,7 +781,7 @@ f_right_brace( case S_VALUE: if (! store_to_database(db)) return 0; - /* fall into next case */ + /* fall through - to next case */ case S_CATEGORY: if (parse_info.name[parse_info.nest_depth] != NULL) { Xfree(parse_info.name[parse_info.nest_depth]); diff --git a/nx-X11/lib/src/xlibi18n/lcGeneric.c b/nx-X11/lib/src/xlibi18n/lcGeneric.c index 58ee5d27c..f816fee77 100644 --- a/nx-X11/lib/src/xlibi18n/lcGeneric.c +++ b/nx-X11/lib/src/xlibi18n/lcGeneric.c @@ -77,6 +77,7 @@ create( return lcd; err: + Xfree(lcd->core); Xfree(lcd); return (XLCd) NULL; } diff --git a/nx-X11/lib/src/xlibi18n/lcPublic.c b/nx-X11/lib/src/xlibi18n/lcPublic.c index 98a7435fd..f35f17a63 100644 --- a/nx-X11/lib/src/xlibi18n/lcPublic.c +++ b/nx-X11/lib/src/xlibi18n/lcPublic.c @@ -97,6 +97,7 @@ create( return lcd; err: + Xfree(lcd->core); Xfree(lcd); return (XLCd) NULL; } |