| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the following three functions:
bits_to_bytes(bits) - the number of bytes needed to hold 'bits'
bytes_to_int32(bytes) - the number of 4-byte units to hold 'bytes'
pad_to_int32(bytes) - the closest multiple of 4 equal to or larger than
'bytes'.
All three operations are common in protocol processing and currently the
server has ((foo + 7)/8 + 3)/4 operations all over the place. A common set
of functions reduce the error rate of these (albeit simple) calculations and
improve readability of the code.
The functions do not check for overflow.
v2: backport to nx-libs 3.6.x as a prereq for
the CVE-2015-0255 fix (Mike DePaulo)
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple functions in the Xinput extension handling of requests from
clients failed to check that the length of the request sent by the
client was large enough to perform all the required operations and
thus could read or write to memory outside the bounds of the request
buffer.
This commit includes the creation of a new REQUEST_AT_LEAST_EXTRA_SIZE
macro in include/dix.h for the common case of needing to ensure a
request is large enough to include both the request itself and a
minimum amount of extra data following the request header.
v2: backport to nx-libs 3.6.x (Mike DePaulo)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
Xi/chgdctl.c
Xi/chgfctl.c
Xi/xiallowev.c
Xi/xichangecursor.c
Xi/xichangehierarchy.c
Xi/xigetclientpointer.c
Xi/xigrabdev.c
Xi/xipassivegrab.c
Xi/xiproperty.c
Xi/xiquerydevice.c
Xi/xiquerypointer.c
Xi/xiselectev.c
Xi/xisetclientpointer.c
Xi/xisetdevfocus.c
Xi/xiwarppointer.c
[RHEL5: Xi/xi* files are XI2 ]
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Force use of 64-bit integers when evaluating data provided by clients
in 32-bit fields which can overflow when added or multiplied during
checks.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
RHEL5: add #include <stdint.h> for uint64_t
v3: backport to nx-libs 3.6.x (Mike DePaulo)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RegionSizeof contains several integer overflows if a large length
value is passed in. Once we fix it to return 0 on overflow, we
also have to fix the callers to handle this error condition
v2: Fixed limit calculation in RegionSizeof as pointed out by jcristau.
v3: backport to nx-libs 3.6.x (Mike DePaulo)
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Conflicts:
dix/region.c
include/regionstr.h
|
|
|
|
| |
(606_nx-X11_build-on-aarch64.full.patch).
|
| |
|
|
Summary: Imported nx-X11-3.1.0-1.tar.gz
Keywords:
Imported nx-X11-3.1.0-1.tar.gz
into Git repository
|