| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
set but not used variables
shadowing a previous local
A hidden problem was that the VERIFY_RR_* macros define local 'rc'
variables, any other local definitions for those would be shadowed and
generate warnings from gcc. I've renamed the other locals 'ret'
instead of 'rc'.
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
|
|
|
|
|
|
|
|
|
| |
ProcRRGetScreenSizeRange uses REQUEST(xRRGetScreenSizeRangeReq) followed by
REQUEST_SIZE_MATCH(xRRGetScreenInfoReq). This happens to work out because both
requests have the same size, so this is not a functional change, just a cosmetic
one.
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by parfait 1.0:
Error: Memory leak (CWE 401)
Memory leak of pointer 'newModes' allocated with realloc(((char*)modes), ((num_modes + 1) * 8))
at line 93 of randr/rrmode.c in function 'RRModeCreate'.
pointer allocated at line 82 with realloc(((char*)modes), ((num_modes + 1) * 8)).
Error: Memory leak (CWE 401)
Memory leak of pointer 'newModes' allocated with malloc(8)
at line 93 of randr/rrmode.c in function 'RRModeCreate'.
pointer allocated at line 84 with malloc(8).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We don't return rates to randr < 1.1 clients, so don't allocate space
for them. This fixes a FatalError due to not all allocated space being
used.
X.Org bug#21861 <http://bugs.freedesktop.org/show_bug.cgi?id=21861>
Reported-by: Guillaume Quintin <coincoin169g@gmail.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
|
|
|
|
|
|
|
| |
Return a error if the screen is configured to an invalid size.
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
|
|
|
|
|
|
| |
All of the crts and outputs were freed, but not the arrays full of
pointers to them.
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
| |
User mode has no customer when create until assigned
to some output.
|
|
|
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=51375
https://bugs.freedesktop.org/attachment.cgi?id=63397
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
|
|\
| |
| |
| | |
Attributes GH PR #39: https://github.com/ArcticaProject/nx-libs/pull/39
|
| |
| |
| |
| | |
not used anywhere.
|
| | |
|
| |
| |
| |
| | |
* Unix file socket support -> 3.6.x
* Embedding / re-parenting -> 3.6.x
|
|\ \
| | |
| | | |
Xext CVE fixes in XVideo extension.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
Xext/xvdisp.c
|
|\ \
| |/
|/| |
DIX CVE fixes in nx-X11/programs/Xserver/hw/nxagent/ rather than nx-X11/programs/Xserver/dix/.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The length checking code validates PutImage height and byte width by
making sure that byte-width >= INT32_MAX / height. If height is zero,
this generates a divide by zero exception. Allow zero height requests
explicitly, bypassing the INT32_MAX check.
Fix for regression introduced by fix for CVE-2014-8092.
v2: backports to nx-libs 3.6.x (Mike Gabriel)
v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
Signed-off-by: Keith Packard <keithp@keithp.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ProcPutImage() calculates a length field from a width, left pad and depth
specified by the client (if the specified format is XYPixmap).
The calculations for the total amount of memory the server needs for the
pixmap can overflow a 32-bit number, causing out-of-bounds memory writes
on 32-bit systems (since the length is stored in a long int variable).
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
dix/dispatch.c
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xorg/Xserver http://lists.x.org/archives/xorg-announce/2013-October/002332.html
Save a pointer to the passed in closure structure before copying it
and overwriting the *c pointer to point to our copy instead of the
original. If we hit an error, once we free(c), reset c to point to
the original structure before jumping to the cleanup code that
references *c.
Since one of the errors being checked for is whether the server was
able to malloc(c->nChars * itemSize), the client can potentially pass
a number of characters chosen to cause the malloc to fail and the
error path to be taken, resulting in the read from freed memory.
Since the memory is accessed almost immediately afterwards, and the
X server is mostly single threaded, the odds of the free memory having
invalid contents are low with most malloc implementations when not using
memory debugging features, but some allocators will definitely overwrite
the memory there, leading to a likely crash.
v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
|
|
|
|
| |
fixes.
|
|
|
|
| |
1f44331574bdbe4069d13e4c26df18094b49e658.
|
|\
| |
| |
| | |
Attributes GH PR #31: https://github.com/ArcticaProject/nx-libs/pull/31
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Update nxcomp/LICENSE.
* Add nxcomp/README.on-retroactive-DXPC-license, giving a
short overview of the flow of discussions
* Add "modified or unmodified" to the license information
printed out to stdout in nxcomp/Misc.cpp
* Fix copyright year (2006->2003) for Gian Filippo Pinzari
(and move him to the GPL-2 section).
* Add the complete .mbox file of Debian bug #748565.
|
|\ \
| |/
|/| |
XRender CVE fixes for nxagent (X.Org CVE-2014-8100)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXrender.c rather than render.c (Mike DePaulo)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
render/render.c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise we may be reading outside of the client request.
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXrender.c rather than render.c (Mike DePaulo)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Conflicts:
render/render.c
|
|\ \
| | |
| | |
| | | |
Attributes GH PR #21: https://github.com/ArcticaProject/nx-libs/pull/21
|
| | |
| | |
| | |
| | | |
hardware driver.
|
| | |
| | |
| | |
| | | |
shared library.
|
| | | |
|
|\ \ \
| |/ /
|/| |
| | | |
Attributes GH PR #34: https://github.com/ArcticaProject/nx-libs/pull/34
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
This patch is some code fixes to allow developer debuging by using TEST macros in the NX code
|
| |/ /
| | |
| | |
| | | |
Particularly the following macros have been tested -DTEST -DDEBUG -DDUMP -DFLUSH -DTOKEN -DSPLIT -DPING -DMIXED -DMATCH -DTIME
|
|\ \ \
| | | |
| | | | |
This patch allows to cleanup the nxcomp resources to allow for a seco…
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
connection inside the same process, instead of a new process as is the nxproxy case.
This involves creating a new API call
void NXTransCleanupForReconnect(void);
which basically cleans up the global state for the connection but does not exit the process.
Background
==========
This is needed for the IOS platform, where the nxproxy model of forking does not work.
Also NX handles most of the errors with an "exit" call which in IOS cannot be easily handled.
|
| | | |
|
| | | |
|
| | | |
|
| |/
|/| |
|
|\ \
| | |
| | |
| | | |
Attributes GH PR #18: https://github.com/ArcticaProject/nx-libs/pull/18
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
shared library. (Fixes ArcticaProject/nx-libs#6, X2GoBTS#826).
|
| | | |
|
| | | |
|
| | | |
|
|\| |
| | |
| | | |
dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418).
|