aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver/GL
Commit message (Collapse)AuthorAgeFilesLines
* NXglxext.c: use upstream versions of Dispatch functionsUlrich Sibiller2019-11-021-3/+4
| | | | | | | | | instead of a full copy. We still have our own function because we need to handle the nxagentGlxTrap. This trap is now set before the start of the dispatcher while it has been set only directly before calling the dispatched function. Saves ~50 duplicated lines.
* glxext.c: fix another memory leakUlrich Sibiller2019-06-191-3/+1
| | | | | | | | | | | | | | | | ==10226== 3,337 bytes in 1 blocks are definitely lost in loss record 295 of 307 ==10226== at 0x483577F: malloc (vg_replace_malloc.c:299) ==10226== by 0x6281DB9: strdup (strdup.c:42) ==10226== by 0x2ABA9E: __glXClientInfo (glxcmds.c:2170) ==10226== by 0x17CA3E: __glXDispatch (NXglxext.c:128) ==10226== by 0x16EE77: Dispatch (NXdispatch.c:476) ==10226== by 0x14DCE0: main (main.c:353) There's no point in trying to free cl->* after memset(0). This one is a bug that is found identically in xorg upstream and has only been fixed during rework of the whole client resource freeing stuff. So we fix it in glxext.c.
* Use calloc to zero fill buffers being allocated for replies & eventsUlrich Sibiller2019-02-281-2/+2
| | | | | | | | | | | | | | | | commit cdf5bcd420e5bcf4a4a24a275d3133a4e16ce41e Author: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Mon Jul 9 19:12:42 2012 -0700 Use calloc to zero fill buffers being allocated for replies & events Ensures padding bytes are zero-filled Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org> Attributes ArcticaProject/nx-libs#382
* reduce usage of uninitialised bytesUlrich Sibiller2017-12-281-14/+14
| | | | as reported by valgrind
* Xserver/GL/glx/glxcmds.c: Cast small-int values through intptr_t when passed ↵Mike Gabriel2017-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | as pointers Picked from this X.org commit: commit b0dd6be2c8703f7062d45ac9fd646550c7d54e3b Author: Jamey Sharp <jamey@minilop.net> Date: Thu Oct 8 13:38:44 2009 +1100 Cast small-int values through intptr_t when passed as pointers On 64-bit systems, int and pointers don't have the same size, so GCC gives warnings about casts between int and pointer types. However, in the cases covered by this patch, it's always a value that fits in int being stored temporarily as a pointer and then converted back later, which is safe. Casting through the pointer-sized integer type intptr_t convinces the compiler that this is OK. Signed-off-by: Jamey Sharp <jamey@minilop.net> Signed-off-by: Daniel Stone <daniel@fooishbar.org> Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> (Only appropriate location for backporting: Xserver/GL/glx/glxcmds.c).
* glx: warning fixesMike Gabriel2017-12-141-1/+1
| | | | | | | | | | | | | | | | | | | commit 63ccaec2c39f4b5742383472c951ee2cd35c9e14 Author: Adam Jackson <ajax@redhat.com> Date: Tue Oct 19 11:59:23 2010 -0400 render2.c: In function ‘__glXDisp_Map2d’: render2.c:127: warning: ‘u1’ may be used uninitialized in this function render2.c: In function ‘__glXDisp_Map1d’: render2.c:90: warning: ‘u1’ may be used uninitialized in this function Remove unnecessary test, and change memcpy to memmove as all users were doing overlapping copies. Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Daniel Stone <daniel@fooishbar.org> Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Xserver/GL/glx/glxfb.c: Fix compiler warning: pointer-sign.Mike Gabriel2017-12-141-1/+1
| | | | | | | | glxfb.c: In function '__glXFBMemSwapBuffers': glxfb.c:117:5: warning: pointer targets in passing argument 10 of 'pGC->ops->PutImage' differ in signedness [-Wpointer-sign] buf); ^~~ glxfb.c:117:5: note: expected 'char *' but argument is of type 'GLubyte * {aka unsigned char *}'
* fix broken path due to missing /Ulrich Sibiller2017-11-171-10/+10
|
* glxext.c/NXglxext.c: merge two functions into oneUlrich Sibiller2017-11-171-49/+5
| | | | | | | This has also been done in Xorg 7.1 This also fixes a little flaw for the swapped case: a check for glXRenderLarge was missing.
* Mesa subtree: Adapt build process for building against Mesa that gets pulled ↵Mike Gabriel2017-06-153-0/+33
| | | | in via git subtree.
* Xserver/GL/glx/glxext.c: Fix for previous commit, re-adding a comment ↵Mike Gabriel2017-04-191-0/+1
| | | | starter '/*'.
* Clearing comments from $XFree86$ (et al.) header lines.Mike Gabriel2017-04-1913-13/+0
|
* Xserver/GL/glx/glxcmd.c: Fix uninitialized xGLXQueryVersionReply.Mike Gabriel2017-03-031-0/+2
| | | | Fixes ArcticaProject/nx-libs#324.
* Drop xf86glx.h, so we can finally drop Xserver/GL/include/ entirely.Kristian Høgsberg2016-12-043-40/+0
| | | | | | | | | | | | | | Derived from X.org commit... commit 28b95fd9d1c2f078aaaac75c310a27b17c74a6fc Author: Kristian Høgsberg <krh@redhat.com> Date: Thu Jul 6 03:25:38 2006 -0400 Drop unused GL/include subtree. Woo, less Makefile's to generate. Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Drop glx_ansic.h wrapper and call malloc, realloc, free and str-funcs directly.Kristian Høgsberg2016-12-0415-336/+148
| | | | | | | | | | | | | | | | | commit 2d2d38d17cc2558f8a41166a4a1578bc4c663c37 Author: Kristian Høgsberg <krh@redhat.com> Date: Fri Mar 17 01:47:25 2006 +0000 Check for glproto when building GLX and make sure we have at least 1.4.6. Drop glx_ansic.h wrapper and call xalloc, xrealloc, xfree and str-funcs directly. We don't check the glproto version as we know what it is (we have our own proto file). Furthermore, we skip the switch from --glX<func> -> x<func> and directly switch to <func> (e.g. __glXMalloc() -> malloc()). Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Remove libcwrapper usage from xorg server modules. The libcwrapper is not ↵Eric Anholt2016-12-048-12/+14
| | | | | | | | | | | | | | | used in nxagent. From c3d14036729fd186d4ec7ca1de603e1f2d174e2f Mon Sep 17 00:00:00 2001 From: Eric Anholt <anholt@freebsd.org> Date: Fri, 10 Feb 2006 22:00:30 +0000 Subject: Remove libcwrapper usage from xorg server modules. The libcwrapper is only of (marginal) use in the drivers, and that usage remains. Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Fixes ArcticaProject/nx-libs#246 (together with merge commit ecd335fa61551d0b86d3f075469a7743ab899d95).
* add .gitignore filesUlrich Sibiller2016-11-171-0/+341
|
* remove *-def.cppUlrich Sibiller2016-11-022-2123/+0
| | | | never used
* Imake: drop DoLoadableServer, MakeDllModules and IHaveModulesUlrich Sibiller2016-11-0217-1462/+0
| | | | | | We do not build loadable modules, so we do not need them anywhere. Also remove the extra files requires for module builds.
* Imakefile cleanup: Delete all ancient Vcs comments stemming from SVN times ↵Mike Gabriel2016-10-3123-48/+0
| | | | | | of X.org and XFree86. Fixes ArcticaProject/nx-libs#250.
* nx-X11/programs/Xserver/GL/glx/Imakefile: typo fix, leading to ↵Mihai Moldovan2016-10-141-1/+1
| | | | | | glcontextmodes.c not being compiled. The typo didn't cause immediate problems.
* VCS info lines: Remove ancient X.org / XFree86 VCS info line from code files.Mike Gabriel2016-07-0642-42/+0
| | | | | This has already been started while replacing copyright info in file headers and has now been completed with this commit.
* remove unreferenced NEED_EVENTS/NEED_REPLIESUlrich Sibiller2016-07-0518-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove defines of NEED_EVENTS and NEED_REPLIES because they are never used anywhere. Basically these three commits, but as they are newer and to not match the code structure the patches have not been applied but replaced by sed + manual intervention: From cb95642dc8edebb2935dd471f8b339cb98aa8481 Mon Sep 17 00:00:00 2001 From: Peter Hutterer <peter.hutterer@redhat.com> Date: Fri, 28 Nov 2008 22:28:32 +1000 Subject: Remove #define NEED_EVENTS and NEED_REPLIES A grep on xorg/* revealed there's no consumer of this define. Quote Alan Coopersmith: "The consumer was in past versions of the headers now located in proto/x11proto - for instance, in X11R6.0's xc/include/Xproto.h, all the event definitions were only available if NEED_EVENTS were defined, and all the reply definitions required NEED_REPLIES. Looks like Xproto.h dropped them by X11R6.3, which didn't have the #ifdef's anymore, so these are truly ancient now." Signed-off-by: Peter Hutterer <peter.hutterer@redhat.com> Signed-off-by: Adam Jackson <ajax@redhat.com> -- From 6de368c9aa7ccd2fcd62fca5a2b278913db4d03d Mon Sep 17 00:00:00 2001 From: Fernando Carrijo <fcarrijo@yahoo.com.br> Date: Thu, 1 Jul 2010 06:50:47 -0300 Subject: Purge macros NEED_EVENTS and NEED_REPLIES Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br> Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -- From 57c03e52e6b4e3ed54df5fdd778865467d08e119 Mon Sep 17 00:00:00 2001 From: Fernando Carrijo <fcarrijo@yahoo.com.br> Date: Thu, 1 Jul 2010 06:59:48 -0300 Subject: Purge macro NEED_EVENTS Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br> Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Remove unneccesary casts from WriteToClient callsAlan Coopersmith2016-07-056-38/+38
| | | | | | | | | | | | | | Casting return to (void) was used to tell lint that you intended to ignore the return value, so it didn't warn you about it. Casting the third argument to (char *) was used as the most generic pointer type in the days before compilers supported C89 (void *) (except for a couple places it's used for byte-sized pointer math). Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org> Backport to nx-libs: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Replace INITARGS with voidTomas Carnecky2016-07-051-1/+1
| | | | | | | | | | | | | | | INITARGS was a hardcoded define to void. Since knowing the function signature for your extensions is kinda useful, just replace it with a hardcoded void, but leave the define there for API compatibility. Signed-off-by: Tomas Carnecky <tom@dbservice.com> Reviewed-by: Daniel Stone <daniel@fooishbar.org> Reviewed-by: Cyril Brulebois <kibi@debian.org> Reviewed-by: Jamey Sharp <jamey@minilop.net> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Keith Packard <keithp@keithp.com> Backport to nx-libs: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* nx-X11/programs/Xserver: Drop {X,x}realloc() macros, use realloc() instead.Mike Gabriel2016-07-023-3/+3
|
* nx-X11/programs/Xserver: Drop {X,x}alloc() macros, use malloc() instead.Mike Gabriel2016-07-024-8/+8
|
* nx-X11/programs/Xserver: Drop {X,x}free() macros, use free() instead.Mike Gabriel2016-07-025-9/+9
| | | | Fixes ArcticaProject/nx-libs#105
* Xserver/include/protocol-versions.h: Switch to having an Xserver-specific ↵Mike Gabriel2016-07-021-3/+3
| | | | header file containing all use protocol versions.
* Xserver Imakefiles: Make sure NXAGENT_SERVER is defined for all extensions.Mike Gabriel2016-07-021-2/+8
|
* hw/nxagent/NXglxext.c: Shrink file, drop duplicate code that can identically ↵Mike Gabriel2016-06-252-2/+16
| | | | be found in GL/glx/glxext.c.
* Xserver/GL/glx/Imakefile: Serialize parameters and make Imakefile changes ↵Mike Gabriel2016-06-251-23/+82
| | | | more trackable.
* pixman-devel: Build against shared library pkg-config(pixman-1).Mike Gabriel2016-05-022-2/+4
|
* Clear header file namespace separation (<X11/...> vs. <nx-X11/...>).Mike Gabriel2015-12-282-4/+4
| | | | | | | | | | | | | | | | | | | | In the process of building nxagent against more and more system-wide installed X.org libraries, we come to the limit of including structs from this (bundled nx-X11) and that (system-wide X.Org) library. This commit introduces a clear namespace separation of headers provided by nx-X11 and headers provided by X.Org. This approach is only temporary as we want to drop all nx-X11 bundled libraries from nx-libs. However, for a while we need to make this separation clear and also ship some reduced fake X.Org headers that avoid pulling in libX* and libNX_X* symbols at the same time. This patch has been tested on Debian jessie and unstable and requires no overall testing on various distros and distro versions, as we finally will drop all libNX_X* libraries and build against X.org's client libs. For now, this hack eases our development / cleanup process.
* Replace 'pointer' type with 'void *'Keith Packard2015-12-284-10/+10
| | | | | | | | | | This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer' is used throughout the X server for other things, and having duplicate names generates compiler warnings. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Eric Anholt <eric@anholt.net> Rebased against NX: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* nx-X11/config/cf: Drop unnecessary xf86site.def, xf86.tmpl, xfree86.cf.Mike Gabriel2015-06-211-7/+0
|
* imake clean-up: Enforce build of Mesa GLX extension. Drop all other GLX ↵Mike Gabriel2015-06-1612-45/+1
| | | | build methods (built-in DRI drivers, etc.).
* Drop unused / untested Xserver GLX extension support / build logic.Mike Gabriel2015-06-1612-167/+2
| | | | | | | * MS Windows (non-tested) * Mac OS X (not provided) * SGISI / opengl (not provided) * DRI support (nxagent uses Mesa software emulation only)
* Drop nx-X11/lib/GL and move Imakefile.inc include files into Xserver code tree.Mike Gabriel2015-06-1634-244/+1505
| | | | | | | | | | | | The client-side library libNX_GL.{a,so} is not built when building nx-libs. However, nx-X11/lib/GL/** ships several imake include files (Imakefile.inc) that are also used in nx-X11/programs/Xserver/GL/**. These files have been moved from the nx-X11/lib/GL/ code subtree to the nx-X11/programs/Xserver/GL/. Furthermore, we don't provide module builds of the GL extension anymore, as that feature is neither used in nx-libs.
* library clean-up: Don't build and link libXfont.a anymore. Use system's ↵pr/libxfont-cleanupMike Gabriel2015-04-221-1/+1
| | | | libXfont shared library and link dynamically.
* glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8] (V3)Adam Jackson2015-02-144-107/+121
| | | | | | | | | | | | | | | | v2: Handle more multiplies in indirect_reqsize.c (Julien Cristau) v3: RHEL5 backport v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Length checking for RenderLarge requests (v2) [CVE-2014-8098 3/8] (v3)Adam Jackson2015-02-142-46/+71
| | | | | | | | | | | | | | | | | | | | | This is a half-measure until we start passing request length into the varsize function, but it's better than the nothing we had before. v2: Verify that there's at least a large render header's worth of dataBytes (Julien Cristau) v3: backport to RHEL5 v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com> fixup swap
* glx: Length checking for non-generated single requests (v2) [CVE-2014-8098 7/8]Adam Jackson2015-02-144-20/+52
| | | | | | | | | | | | | | | | | | | | | | v2: Fix single versus vendor-private length checking for ARB_imaging subset extensions. (Julien Cristau) v3: Fix single versus vendor-private length checking for ARB_imaging subset extensions. (Julien Cristau) v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com> fix safe_Add
* glx: Top-level length checking for swapped VendorPrivate requests ↵Adam Jackson2015-02-141-0/+4
| | | | | | | | | | | | | | | [CVE-2014-8098 4/8] v2: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Integer overflow protection for non-generated render requests (v3) ↵Adam Jackson2015-02-141-31/+37
| | | | | | | | | | | | | | | | | | | | | [CVE-2014-8093 5/6] v2: Fix constants in __glXMap2fReqSize (Michal Srb) Validate w/h/d for proxy targets too (Keith Packard) v3: Fix Map[12]Size to correctly reject order == 0 (Julien Cristau) v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Length checking for GLXRender requests (v2) [CVE-2014-8098 2/8] (v3)Julien Cristau2015-02-142-20/+20
| | | | | | | | | | | | | | | | | v2: Remove can't-happen comparison for cmdlen < 0 (Michal Srb) v3: backport to RHEL5 hit old paths v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] (v4)Adam Jackson2015-02-141-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | These are paranoid about integer overflow, and will return -1 if their operation would overflow a (signed) integer or if either argument is negative. Note that RenderLarge requests are sized with a uint32_t so in principle this could be sketchy there, but dix limits bigreqs to 128M so you shouldn't ever notice, and honestly if you're sending more than 2G of rendering commands you're already doing something very wrong. v2: Use INT_MAX for consistency with the rest of the server (jcristau) v3: Reject negative arguments (anholt) v4: RHEL5: add limits.h, use inline v5: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER ↵Adam Jackson2015-02-141-1/+2
| | | | | | | | | | | | | | | | | | | (v2) [CVE-2014-8093 3/6] If the computed reply size is negative, something went wrong, treat it as an error. v2: Be more careful about size_t being unsigned (Matthieu Herrb) v3: SIZE_MAX not SIZE_T_MAX (Alan Coopersmith) v4: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]Adam Jackson2015-02-142-14/+14
| | | | | | | | | | | | | | | | | | Before this we'd just clamp the image size to 0, which was just hideously stupid; if the parameters were such that they'd overflow an integer, you'd allocate a small buffer, then pass huge values into (say) ReadPixels, and now you're scribbling over arbitrary server memory. v2: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
* glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6] (v2)Adam Jackson2015-02-142-4/+4
| | | | | | | | | | | | | | | | | | | | | If the size computation routine returns -1 we should just reject the request outright. Clamping it to zero could give an attacker the opportunity to also mangle cmdlen in such a way that the subsequent length check passes, and the request would get executed, thus passing data we wanted to reject to the renderer. v3: backport to nx-libs 3.6.x (Mike DePaulo) v2: backport to RHEL5 - fix swap paths Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com> fixup swaps