aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch')
-rw-r--r--debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch44
1 files changed, 0 insertions, 44 deletions
diff --git a/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch b/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch
deleted file mode 100644
index 106231983..000000000
--- a/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Description: Avoid large pixmaps
- It is allowed to try and allocate a pixmap which is larger than
- 32767 in either dimension. However, all of the framebuffer code
- is buggy and does not reliably draw to such big pixmaps, basically
- because the Region data structure operates with signed shorts
- for the rectangles in it.
- .
- Furthermore, several places in the X server computes the
- size in bytes of the pixmap and tries to store it in an
- integer. This integer can overflow and cause the allocated size
- to be much smaller.
- .
- So, such big pixmaps are rejected here with a BadAlloc
- .
- Originally contributed by FreeNX Team
-Forwarded: pending...
-Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-Last-Update: 2011-12-31
---- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
-+++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
-@@ -1973,6 +1973,23 @@ ProcCreatePixmap(client)
- client->errorValue = 0;
- return BadValue;
- }
-+ if (stuff->width > 32767 || stuff->height > 32767)
-+ {
-+ /* It is allowed to try and allocate a pixmap which is larger than
-+ * 32767 in either dimension. However, all of the framebuffer code
-+ * is buggy and does not reliably draw to such big pixmaps, basically
-+ * because the Region data structure operates with signed shorts
-+ * for the rectangles in it.
-+ *
-+ * Furthermore, several places in the X server computes the
-+ * size in bytes of the pixmap and tries to store it in an
-+ * integer. This integer can overflow and cause the allocated size
-+ * to be much smaller.
-+ *
-+ * So, such big pixmaps are rejected here with a BadAlloc
-+ */
-+ return BadAlloc;
-+ }
- if (stuff->depth != 1)
- {
- pDepth = pDraw->pScreen->allowedDepths;