From e1938c189223164f3a75cf848e90ecc1d2e55d15 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Wed, 22 Aug 2018 22:30:34 +0200 Subject: libNX_X11: upgrade to X.org upstream version 1.6.6 We are at X.Org libX11 upstream commit 733f64b Fixes: ArcticaProject/nx-libs #716, #719 and #720 --- nx-X11/lib/include/X11/Xlibint.h | 125 +++++++++++++++++++++++++++++- nx-X11/lib/modules/im/ximcp/imCallbk.c | 6 +- nx-X11/lib/modules/im/ximcp/imDefIc.c | 82 +++++++++++++------- nx-X11/lib/modules/im/ximcp/imInsClbk.c | 2 +- nx-X11/lib/modules/im/ximcp/imLcIm.c | 8 +- nx-X11/lib/modules/im/ximcp/imLcLkup.c | 6 +- nx-X11/lib/modules/om/generic/omGeneric.c | 32 +++----- nx-X11/lib/src/DisName.c | 2 +- nx-X11/lib/src/FSWrap.c | 2 +- nx-X11/lib/src/FontNames.c | 16 +--- nx-X11/lib/src/GetFPath.c | 11 ++- nx-X11/lib/src/GetImage.c | 16 ++-- nx-X11/lib/src/LiHosts.c | 19 +++-- nx-X11/lib/src/ListExt.c | 19 ++--- nx-X11/lib/src/SetHints.c | 4 +- nx-X11/lib/src/StColor.c | 1 + nx-X11/lib/src/StColors.c | 1 + nx-X11/lib/src/StrKeysym.c | 10 +-- nx-X11/lib/src/XlibInt.c | 86 ++++++++++---------- nx-X11/lib/src/xcms/LRGB.c | 3 + nx-X11/lib/src/xcms/cmsColNm.c | 2 +- nx-X11/lib/src/xcms/cmsProp.c | 1 + nx-X11/lib/src/xkb/XKBAlloc.c | 8 +- nx-X11/lib/src/xlibi18n/lcCT.c | 10 +-- nx-X11/lib/src/xlibi18n/lcDB.c | 2 +- nx-X11/lib/src/xlibi18n/lcGeneric.c | 1 + nx-X11/lib/src/xlibi18n/lcPublic.c | 1 + 27 files changed, 311 insertions(+), 165 deletions(-) diff --git a/nx-X11/lib/include/X11/Xlibint.h b/nx-X11/lib/include/X11/Xlibint.h index b325182e3..d38c87ee3 100644 --- a/nx-X11/lib/include/X11/Xlibint.h +++ b/nx-X11/lib/include/X11/Xlibint.h @@ -63,6 +63,7 @@ from The Open Group. * Warning, there be dragons here.... */ +#include #include #include /* to declare xEvent */ #include /* for configured options like XTHREADS */ @@ -231,10 +232,122 @@ struct _XDisplay XGenericEventCookie * /* in */, XGenericEventCookie * /* out*/); void *cookiejar; /* cookie events returned but not claimed */ +#ifndef LONG64 + unsigned long last_request_read_upper32bit; + unsigned long request_upper32bit; +#endif }; #define XAllocIDs(dpy,ids,n) (*(dpy)->idlist_alloc)(dpy,ids,n) +/* + * access "last_request_read" and "request" with 64bit + * warning: the value argument of the SET-macros must not + * have any side-effects because it may get called twice. + */ +#ifndef LONG64 +/* accessors for 32-bit unsigned long */ + +#define X_DPY_GET_REQUEST(dpy) \ + ( \ + ((uint64_t)(((struct _XDisplay*)dpy)->request)) \ + + (((uint64_t)(((struct _XDisplay*)dpy)->request_upper32bit)) << 32) \ + ) + +#define X_DPY_SET_REQUEST(dpy, value) \ + ( \ + (((struct _XDisplay*)dpy)->request = \ + (value) & 0xFFFFFFFFUL), \ + (((struct _XDisplay*)dpy)->request_upper32bit = \ + ((uint64_t)(value)) >> 32), \ + (void)0 /* don't use the result */ \ + ) + +#define X_DPY_GET_LAST_REQUEST_READ(dpy) \ + ( \ + ((uint64_t)(((struct _XDisplay*)dpy)->last_request_read)) \ + + ( \ + ((uint64_t)( \ + ((struct _XDisplay*)dpy)->last_request_read_upper32bit \ + )) << 32 \ + ) \ + ) + +#define X_DPY_SET_LAST_REQUEST_READ(dpy, value) \ + ( \ + (((struct _XDisplay*)dpy)->last_request_read = \ + (value) & 0xFFFFFFFFUL), \ + (((struct _XDisplay*)dpy)->last_request_read_upper32bit = \ + ((uint64_t)(value)) >> 32), \ + (void)0 /* don't use the result */ \ + ) + +/* + * widen a 32-bit sequence number to a 64 sequence number. + * This macro makes the following assumptions: + * - ulseq refers to a sequence that has already been sent + * - ulseq means the most recent possible sequence number + * with these lower 32 bits. + * + * The following optimization is used: + * The comparison result is taken a 0 or 1 to avoid a branch. + */ +#define X_DPY_WIDEN_UNSIGNED_LONG_SEQ(dpy, ulseq) \ + ( \ + ((uint64_t)ulseq) \ + + \ + (( \ + ((uint64_t)(((struct _XDisplay*)dpy)->request_upper32bit)) \ + - (uint64_t)( \ + (ulseq) > (((struct _XDisplay*)dpy)->request) \ + ) \ + ) << 32) \ + ) + +#define X_DPY_REQUEST_INCREMENT(dpy) \ + ( \ + ((struct _XDisplay*)dpy)->request++, \ + ( \ + (((struct _XDisplay*)dpy)->request == 0) ? ( \ + ((struct _XDisplay*)dpy)->request_upper32bit++ \ + ) : 0 \ + ), \ + (void)0 /* don't use the result */ \ + ) + + +#define X_DPY_REQUEST_DECREMENT(dpy) \ + ( \ + ( \ + (((struct _XDisplay*)dpy)->request == 0) ? (\ + ((struct _XDisplay*)dpy)->request--, /* wrap */ \ + ((struct _XDisplay*)dpy)->request_upper32bit-- \ + ) : ( \ + ((struct _XDisplay*)dpy)->request-- \ + ) \ + ), \ + (void)0 /* don't use the result */ \ + ) + +#else +/* accessors for 64-bit unsigned long */ +#define X_DPY_GET_REQUEST(dpy) \ + (((struct _XDisplay*)dpy)->request) +#define X_DPY_SET_REQUEST(dpy, value) \ + ((struct _XDisplay*)dpy)->request = (value) + +#define X_DPY_GET_LAST_REQUEST_READ(dpy) \ + (((struct _XDisplay*)dpy)->last_request_read) +#define X_DPY_SET_LAST_REQUEST_READ(dpy, value) \ + ((struct _XDisplay*)dpy)->last_request_read = (value) + +#define X_DPY_WIDEN_UNSIGNED_LONG_SEQ(dpy, ulseq) ulseq + +#define X_DPY_REQUEST_INCREMENT(dpy) ((struct _XDisplay*)dpy)->request++ +#define X_DPY_REQUEST_DECREMENT(dpy) ((struct _XDisplay*)dpy)->request-- +#endif + + #ifndef _XEVENT_ /* * _QEvent datatype for use in input queueing. @@ -484,12 +597,13 @@ extern void *_XGetRequest(Display *dpy, CARD8 type, size_t len); * GetEmptyReq is for those requests that have no arguments * at all. */ + #define GetEmptyReq(name, req) \ req = (xReq *) _XGetRequest(dpy, X_##name, SIZEOF(xReq)) /* * MakeBigReq sets the CARD16 "req->length" to 0 and inserts a new CARD32 - * length, after req->length, before the data in the request. The new length + * length, after req->length, before the data in the request. The new length * includes the "n" extra 32-bit words. * * Do not use MakeBigReq if there is no data already in the request. @@ -524,7 +638,7 @@ extern void *_XGetRequest(Display *dpy, CARD8 type, size_t len); * or by "badlen" if "n" is too large. * * Do not use SetReqLen if "req" does not already have data after the - * xReq header. req->length must already be >= 2. + * xReq header. req->length must already be >= 2. */ #ifndef __clang_analyzer__ #define SetReqLen(req,n,badlen) \ @@ -563,7 +677,7 @@ extern void _XFlushGCCache(Display *dpy, GC gc); dpy->bufptr += ((len) + 3) & ~3;\ } else\ _XSend(dpy, data, len);\ - } +} #endif /* DataRoutineIsProcedure */ @@ -701,6 +815,11 @@ typedef struct _XInternalAsync { XPointer data; } _XAsyncHandler; +/* + * This struct is part of the ABI and is defined by value + * in user-code. This means that we cannot make + * the sequence-numbers 64bit. + */ typedef struct _XAsyncEState { unsigned long min_sequence_number; unsigned long max_sequence_number; diff --git a/nx-X11/lib/modules/im/ximcp/imCallbk.c b/nx-X11/lib/modules/im/ximcp/imCallbk.c index 4e091d8ef..ead0806c6 100644 --- a/nx-X11/lib/modules/im/ximcp/imCallbk.c +++ b/nx-X11/lib/modules/im/ximcp/imCallbk.c @@ -624,16 +624,16 @@ _XimPreeditCaretCallback(Xim im, */ { CARD8 buf[sz_ximPacketHeader + sz_ximPreeditCaretReply]; - INT16 len = sz_XIMID + sz_XICID + sz_ximPreeditCaretReply; + INT16 rlen = sz_XIMID + sz_XICID + sz_ximPreeditCaretReply; int p; - _XimSetHeader((XPointer)buf, XIM_PREEDIT_CARET_REPLY, 0, &len); + _XimSetHeader((XPointer)buf, XIM_PREEDIT_CARET_REPLY, 0, &rlen); p = XIM_HEADER_SIZE; *(CARD16*)&buf[p] = (CARD16)im->private.proto.imid; p += sz_CARD16; *(CARD16*)&buf[p] = (CARD16)ic->private.proto.icid; p += sz_CARD16; *(CARD32*)&buf[p] = (CARD32)cbs.position; - if (!(_XimWriteData(im, len, buf))) { + if (!(_XimWriteData(im, rlen, buf))) { return XimCbError; } _XimFlushData(im); diff --git a/nx-X11/lib/modules/im/ximcp/imDefIc.c b/nx-X11/lib/modules/im/ximcp/imDefIc.c index 3cf46827a..30c2d0136 100644 --- a/nx-X11/lib/modules/im/ximcp/imDefIc.c +++ b/nx-X11/lib/modules/im/ximcp/imDefIc.c @@ -231,10 +231,9 @@ _XimReCreateIC(ic) _XimRegisterFilter(ic); MARK_IC_CONNECTED(ic); - if (save_ic->private.proto.ic_resources) - Xfree(save_ic->private.proto.ic_resources); - if (save_ic->private.proto.ic_inner_resources) - Xfree(save_ic->private.proto.ic_inner_resources); + + Xfree(save_ic->private.proto.ic_resources); + Xfree(save_ic->private.proto.ic_inner_resources); Xfree(save_ic); return True; @@ -833,7 +832,7 @@ _XimDestroyICCheck( && (imid == im->private.proto.imid) && (buf_s[2] & XIM_ICID_VALID) && (icid == ic->private.proto.icid)) - ret = False; + ret = False; return ret; } @@ -845,22 +844,22 @@ _XimProtoICFree( Xim im = (Xim)ic->core.im; #endif - if (ic->private.proto.preedit_font) { - Xfree(ic->private.proto.preedit_font); - ic->private.proto.preedit_font = NULL; - } - if (ic->private.proto.status_font) { - Xfree(ic->private.proto.status_font); - ic->private.proto.status_font = NULL; - } + + Xfree(ic->private.proto.preedit_font); + ic->private.proto.preedit_font = NULL; + + + Xfree(ic->private.proto.status_font); + ic->private.proto.status_font = NULL; + if (ic->private.proto.commit_info) { _XimFreeCommitInfo(ic); ic->private.proto.commit_info = NULL; } - if (ic->private.proto.ic_inner_resources) { - Xfree(ic->private.proto.ic_inner_resources); - ic->private.proto.ic_inner_resources = NULL; - } + + Xfree(ic->private.proto.ic_inner_resources); + ic->private.proto.ic_inner_resources = NULL; + #ifdef XIM_CONNECTABLE if (IS_SERVER_CONNECTED(im) && IS_RECONNECTABLE(im)) { @@ -868,18 +867,16 @@ _XimProtoICFree( } #endif /* XIM_CONNECTABLE */ - if (ic->private.proto.saved_icvalues) { - Xfree(ic->private.proto.saved_icvalues); - ic->private.proto.saved_icvalues = NULL; - } - if (ic->private.proto.ic_resources) { - Xfree(ic->private.proto.ic_resources); - ic->private.proto.ic_resources = NULL; - } - if (ic->core.hotkey) { - Xfree(ic->core.hotkey); - ic->core.hotkey = NULL; - } + Xfree(ic->private.proto.saved_icvalues); + ic->private.proto.saved_icvalues = NULL; + + + Xfree(ic->private.proto.ic_resources); + ic->private.proto.ic_resources = NULL; + + + Xfree(ic->core.hotkey); + ic->core.hotkey = NULL; return; } @@ -927,6 +924,30 @@ _XimProtoDestroyIC( return; } +/* + * Some functions require the request queue from the server to be flushed + * so that the ordering of client initiated status changes and those requested + * by the server is well defined. + * _XimSync() would be the function of choice here as it should get a + * XIM_SYNC_REPLY back from the server. + * This however isn't implemented in the piece of junk that is used by most + * input servers as the server side protocol if to XIM. + * Since this code is not shipped as a library together with the client side + * XIM code but is duplicated by every input server around the world there + * is no easy fix to this but this ugly hack below. + * Obtaining an IC value from the server sends a request and empties out the + * event/server request queue until the answer to this request is found. + * Thus it is guaranteed that any pending server side request gets processed. + * This is what the hack below is doing. + */ + +static void +BrokenSyncWithServer(XIC xic) +{ + CARD32 dummy; + XGetICValues(xic, XNFilterEvents, &dummy, NULL); +} + static void _XimProtoSetFocus( XIC xic) @@ -957,6 +978,7 @@ _XimProtoSetFocus( } } #endif /* XIM_CONNECTABLE */ + BrokenSyncWithServer(xic); buf_s[0] = im->private.proto.imid; /* imid */ buf_s[1] = ic->private.proto.icid; /* icid */ @@ -1003,6 +1025,8 @@ _XimProtoUnsetFocus( } #endif /* XIM_CONNECTABLE */ + BrokenSyncWithServer(xic); + buf_s[0] = im->private.proto.imid; /* imid */ buf_s[1] = ic->private.proto.icid; /* icid */ diff --git a/nx-X11/lib/modules/im/ximcp/imInsClbk.c b/nx-X11/lib/modules/im/ximcp/imInsClbk.c index 3ae6b1bd7..214e0a9af 100644 --- a/nx-X11/lib/modules/im/ximcp/imInsClbk.c +++ b/nx-X11/lib/modules/im/ximcp/imInsClbk.c @@ -108,7 +108,7 @@ _XimFilterPropertyNotify( } lock = True; - for( ii = 0; ii < nitems; ii++, atoms ) { + for( ii = 0; ii < nitems; ii++ ) { if(XGetSelectionOwner (display, atoms[ii])) { for( icb = callback_list; icb; icb = icb->next ) { if( !icb->call && !icb->destroy ) { diff --git a/nx-X11/lib/modules/im/ximcp/imLcIm.c b/nx-X11/lib/modules/im/ximcp/imLcIm.c index b3662bc96..41d4fb3fa 100644 --- a/nx-X11/lib/modules/im/ximcp/imLcIm.c +++ b/nx-X11/lib/modules/im/ximcp/imLcIm.c @@ -82,8 +82,8 @@ struct _XimCacheStruct { DTCharIndex mbused; DTCharIndex wcused; DTCharIndex utf8used; - char fname[1]; - /* char encoding[1] */ + char fname[]; + /* char encoding[] */ }; static struct _XimCacheStruct* _XimCache_mmap = NULL; @@ -281,7 +281,7 @@ _XimReadCachedDefaultTree( assert (m->id == XIM_CACHE_MAGIC); assert (m->version == XIM_CACHE_VERSION); if (size != m->size || - size < XOffsetOf (struct _XimCacheStruct, fname) + namelen + encodinglen) { + size < sizeof (struct _XimCacheStruct) + namelen + encodinglen) { fprintf (stderr, "Ignoring broken XimCache %s [%s]\n", name, encoding); munmap (m, size); return False; @@ -442,7 +442,7 @@ _XimWriteCachedDefaultTree( int fd; FILE *fp; struct _XimCacheStruct *m; - int msize = (XOffsetOf(struct _XimCacheStruct, fname) + int msize = (sizeof(struct _XimCacheStruct) + strlen(name) + strlen(encoding) + 2 + XIM_CACHE_TREE_ALIGNMENT-1) & -XIM_CACHE_TREE_ALIGNMENT; DefTreeBase *b = &im->private.local.base; diff --git a/nx-X11/lib/modules/im/ximcp/imLcLkup.c b/nx-X11/lib/modules/im/ximcp/imLcLkup.c index 878b8e350..ac9a1705c 100644 --- a/nx-X11/lib/modules/im/ximcp/imLcLkup.c +++ b/nx-X11/lib/modules/im/ximcp/imLcLkup.c @@ -61,8 +61,8 @@ _XimLocalMbLookupString(XIC xic, XKeyEvent *ev, char *buffer, int bytes, ||(ic->private.local.brl_committed != 0))) { if (ic->private.local.brl_committed != 0) { /* Braille Event */ unsigned char pattern = ic->private.local.brl_committed; - char mb[XLC_PUBLIC(ic->core.im->core.lcd, mb_cur_max)]; - ret = _Xlcwctomb(ic->core.im->core.lcd, mb, BRL_UC_ROW | pattern); + char mb2[XLC_PUBLIC(ic->core.im->core.lcd, mb_cur_max)]; + ret = _Xlcwctomb(ic->core.im->core.lcd, mb2, BRL_UC_ROW | pattern); if(ret > bytes) { if(status) *status = XBufferOverflow; return(ret); @@ -74,7 +74,7 @@ _XimLocalMbLookupString(XIC xic, XKeyEvent *ev, char *buffer, int bytes, } else { if(status) *status = XLookupChars; } - memcpy(buffer, mb, ret); + memcpy(buffer, mb2, ret); } else { if(keysym) { if(status) *status = XLookupKeySym; diff --git a/nx-X11/lib/modules/om/generic/omGeneric.c b/nx-X11/lib/modules/om/generic/omGeneric.c index 68eec01c0..ec612d379 100644 --- a/nx-X11/lib/modules/om/generic/omGeneric.c +++ b/nx-X11/lib/modules/om/generic/omGeneric.c @@ -1617,15 +1617,14 @@ free_fontdataOM( FontData font_data, int font_data_count) { + if (!font_data) + return; + for( ; font_data_count-- ; font_data++) { - if(font_data->name){ Xfree(font_data->name); font_data->name = NULL; - } - if(font_data->scopes){ Xfree(font_data->scopes); font_data->scopes = NULL; - } } } @@ -1639,51 +1638,41 @@ close_om( if ((data = gen->data)) { for (count = gen->data_num; count-- > 0; data++) { - if (data->charset_list){ Xfree(data->charset_list); data->charset_list = NULL; - } + /* free font_data for om */ - if (data->font_data) { free_fontdataOM(data->font_data,data->font_data_count); Xfree(data->font_data); data->font_data = NULL; - } + /* free substitute for om */ - if (data->substitute) { free_fontdataOM(data->substitute,data->substitute_num); Xfree(data->substitute); data->substitute = NULL; - } + /* free vmap for om */ - if (data->vmap) { free_fontdataOM(data->vmap,data->vmap_num); Xfree(data->vmap); data->vmap = NULL; - } + /* free vrotate for om */ - if (data->vrotate) { Xfree(data->vrotate); data->vrotate = NULL; - } } Xfree(gen->data); gen->data = NULL; } - if (gen->object_name){ Xfree(gen->object_name); gen->object_name = NULL; - } - if (om->core.res_name){ Xfree(om->core.res_name); om->core.res_name = NULL; - } - if (om->core.res_class){ + Xfree(om->core.res_class); om->core.res_class = NULL; - } + if (om->core.required_charset.charset_list && om->core.required_charset.charset_count > 0){ XFreeStringList(om->core.required_charset.charset_list); @@ -1692,10 +1681,9 @@ close_om( Xfree((char*)om->core.required_charset.charset_list); om->core.required_charset.charset_list = NULL; } - if (om->core.orientation_list.orientation){ + Xfree(om->core.orientation_list.orientation); om->core.orientation_list.orientation = NULL; - } Xfree(om); diff --git a/nx-X11/lib/src/DisName.c b/nx-X11/lib/src/DisName.c index 87a1e2f0e..5a90ab34f 100644 --- a/nx-X11/lib/src/DisName.c +++ b/nx-X11/lib/src/DisName.c @@ -60,5 +60,5 @@ XDisplayName( return( (char *)display ); if ( (d = getenv( "DISPLAY" )) != (char *)NULL ) return( d ); - return( "" ); + return( (char *) "" ); } diff --git a/nx-X11/lib/src/FSWrap.c b/nx-X11/lib/src/FSWrap.c index 015965779..1b244f43c 100644 --- a/nx-X11/lib/src/FSWrap.c +++ b/nx-X11/lib/src/FSWrap.c @@ -195,7 +195,7 @@ XCreateFontSet ( if (oc && def_string) { *def_string = oc->core.default_string; if (!*def_string) - *def_string = ""; + *def_string = (char *)""; } if (oc == NULL) diff --git a/nx-X11/lib/src/FontNames.c b/nx-X11/lib/src/FontNames.c index 9ffdfd299..ec7d90fa2 100644 --- a/nx-X11/lib/src/FontNames.c +++ b/nx-X11/lib/src/FontNames.c @@ -88,24 +88,16 @@ int *actualCount) /* RETURN */ * unpack into null terminated strings. */ chstart = ch; - chend = ch + (rlen + 1); + chend = ch + rlen; length = *(unsigned char *)ch; *ch = 1; /* make sure it is non-zero for XFreeFontNames */ for (i = 0; i < rep.nFonts; i++) { if (ch + length < chend) { flist[i] = ch + 1; /* skip over length */ ch += length + 1; /* find next length ... */ - if (ch <= chend) { - length = *(unsigned char *)ch; - *ch = '\0'; /* and replace with null-termination */ - count++; - } else { - Xfree(chstart); - Xfree(flist); - flist = NULL; - count = 0; - break; - } + length = *(unsigned char *)ch; + *ch = '\0'; /* and replace with null-termination */ + count++; } else { Xfree(chstart); Xfree(flist); diff --git a/nx-X11/lib/src/GetFPath.c b/nx-X11/lib/src/GetFPath.c index 3d87e4f64..87d257615 100644 --- a/nx-X11/lib/src/GetFPath.c +++ b/nx-X11/lib/src/GetFPath.c @@ -69,15 +69,20 @@ char **XGetFontPath( /* * unpack into null terminated strings. */ - chend = ch + (nbytes + 1); - length = *ch; + chend = ch + nbytes; + length = *(unsigned char *)ch; for (i = 0; i < rep.nPaths; i++) { if (ch + length < chend) { flist[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - length = *ch; + length = *(unsigned char *)ch; *ch = '\0'; /* and replace with null-termination */ count++; + } else if (i == 0) { + Xfree(flist); + Xfree(ch); + flist = NULL; + break; } else flist[i] = NULL; } diff --git a/nx-X11/lib/src/GetImage.c b/nx-X11/lib/src/GetImage.c index d80f6715f..96d9ce337 100644 --- a/nx-X11/lib/src/GetImage.c +++ b/nx-X11/lib/src/GetImage.c @@ -105,14 +105,16 @@ XImage *XGetImage ( planes = 1; } - if (!image) + if (!image) { Xfree(data); - if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || - INT_MAX / image->height <= image->bytes_per_line || - INT_MAX / planes <= image->height * image->bytes_per_line || - nbytes < planes * image->height * image->bytes_per_line) { - XDestroyImage(image); - image = NULL; + } else { + if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || + INT_MAX / image->height <= image->bytes_per_line || + INT_MAX / planes <= image->height * image->bytes_per_line || + nbytes < planes * image->height * image->bytes_per_line) { + XDestroyImage(image); + image = NULL; + } } UnlockDisplay(dpy); SyncHandle(); diff --git a/nx-X11/lib/src/LiHosts.c b/nx-X11/lib/src/LiHosts.c index 29c36ffb5..315e4dbb4 100644 --- a/nx-X11/lib/src/LiHosts.c +++ b/nx-X11/lib/src/LiHosts.c @@ -119,11 +119,16 @@ XHostAddress *XListHosts ( _XRead (dpy, (char *) buf, nbytes); for (i = 0; i < reply.nHosts; i++) { + if (bp > buf + nbytes - SIZEOF(xHostEntry)) + goto fail; op->family = ((xHostEntry *) bp)->family; op->length =((xHostEntry *) bp)->length; if (op->family == FamilyServerInterpreted) { char *tp = (char *) (bp + SIZEOF(xHostEntry)); - char *vp = memchr(tp, 0, op->length); + char *vp; + if (tp > (char *) (buf + nbytes - op->length)) + goto fail; + vp = memchr(tp, 0, op->length); if (vp != NULL) { sip->type = tp; @@ -138,6 +143,8 @@ XHostAddress *XListHosts ( sip++; } else { op->address = (char *) (bp + SIZEOF(xHostEntry)); + if (op->address > (char *) (buf + nbytes - op->length)) + goto fail; } bp += SIZEOF(xHostEntry) + (((op->length + 3) >> 2) << 2); op++; @@ -149,9 +156,9 @@ XHostAddress *XListHosts ( UnlockDisplay(dpy); SyncHandle(); return (outbuf); +fail: + *enabled = reply.enabled; + *nhosts = 0; + Xfree(outbuf); + return (NULL); } - - - - - diff --git a/nx-X11/lib/src/ListExt.c b/nx-X11/lib/src/ListExt.c index 7fdf9932c..a795041d0 100644 --- a/nx-X11/lib/src/ListExt.c +++ b/nx-X11/lib/src/ListExt.c @@ -74,19 +74,20 @@ char **XListExtensions( /* * unpack into null terminated strings. */ - chend = ch + (rlen + 1); - length = *ch; + chend = ch + rlen; + length = *(unsigned char *)ch; for (i = 0; i < rep.nExtensions; i++) { if (ch + length < chend) { list[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - if (ch <= chend) { - length = *ch; - *ch = '\0'; /* and replace with null-termination */ - count++; - } else { - list[i] = NULL; - } + length = *(unsigned char *)ch; + *ch = '\0'; /* and replace with null-termination */ + count++; + } else if (i == 0) { + Xfree(list); + Xfree(ch); + list = NULL; + break; } else list[i] = NULL; } diff --git a/nx-X11/lib/src/SetHints.c b/nx-X11/lib/src/SetHints.c index eed360f46..db5e7527e 100644 --- a/nx-X11/lib/src/SetHints.c +++ b/nx-X11/lib/src/SetHints.c @@ -211,7 +211,7 @@ XSetCommand ( int argc) { register int i; - register int nbytes; + size_t nbytes; register char *buf, *bp; for (i = 0, nbytes = 0; i < argc; i++) { nbytes += safestrlen(argv[i]) + 1; @@ -295,7 +295,7 @@ XSetClassHint( { char *class_string; char *s; - int len_nm, len_cl; + size_t len_nm, len_cl; len_nm = safestrlen(classhint->res_name); len_cl = safestrlen(classhint->res_class); diff --git a/nx-X11/lib/src/StColor.c b/nx-X11/lib/src/StColor.c index d5a217fb0..221fae136 100644 --- a/nx-X11/lib/src/StColor.c +++ b/nx-X11/lib/src/StColor.c @@ -50,6 +50,7 @@ XStoreColor( citem->green = def->green; citem->blue = def->blue; citem->flags = def->flags; /* do_red, do_green, do_blue */ + citem->pad = 0; UnlockDisplay(dpy); diff --git a/nx-X11/lib/src/StColors.c b/nx-X11/lib/src/StColors.c index 17a215cc0..fa1814c8e 100644 --- a/nx-X11/lib/src/StColors.c +++ b/nx-X11/lib/src/StColors.c @@ -53,6 +53,7 @@ XStoreColors( citem.green = defs[i].green; citem.blue = defs[i].blue; citem.flags = defs[i].flags; + citem.pad = 0; /* note that xColorItem doesn't contain all 16-bit quantities, so we can't use Data16 */ diff --git a/nx-X11/lib/src/StrKeysym.c b/nx-X11/lib/src/StrKeysym.c index 125aceca3..d7a9b7566 100644 --- a/nx-X11/lib/src/StrKeysym.c +++ b/nx-X11/lib/src/StrKeysym.c @@ -115,7 +115,7 @@ XStringToKeysym(_Xconst char *s) { XrmValue result; XrmRepresentation from_type; - char c; + char d; XrmQuark names[2]; names[0] = _XrmInternalStringToQuark(s, p - s - 1, sig, False); @@ -126,10 +126,10 @@ XStringToKeysym(_Xconst char *s) val = 0; for (i = 0; i < result.size - 1; i++) { - c = ((char *)result.addr)[i]; - if ('0' <= c && c <= '9') val = (val<<4)+c-'0'; - else if ('a' <= c && c <= 'f') val = (val<<4)+c-'a'+10; - else if ('A' <= c && c <= 'F') val = (val<<4)+c-'A'+10; + d = ((char *)result.addr)[i]; + if ('0' <= d && d <= '9') val = (val<<4)+d-'0'; + else if ('a' <= d && d <= 'f') val = (val<<4)+d-'a'+10; + else if ('A' <= d && d <= 'F') val = (val<<4)+d-'A'+10; else return NoSymbol; } return val; diff --git a/nx-X11/lib/src/XlibInt.c b/nx-X11/lib/src/XlibInt.c index 5afc65149..119126d3d 100644 --- a/nx-X11/lib/src/XlibInt.c +++ b/nx-X11/lib/src/XlibInt.c @@ -836,8 +836,12 @@ _XWaitForReadable( static int sync_hazard(Display *dpy) { - unsigned long span = dpy->request - dpy->last_request_read; - unsigned long hazard = min((dpy->bufmax - dpy->buffer) / SIZEOF(xReq), 65535 - 10); + /* + * "span" and "hazard" need to be signed such that the ">=" comparision + * works correctly in the case that hazard is greater than 65525 + */ + int64_t span = X_DPY_GET_REQUEST(dpy) - X_DPY_GET_LAST_REQUEST_READ(dpy); + int64_t hazard = min((dpy->bufmax - dpy->buffer) / SIZEOF(xReq), 65535 - 10); return span >= 65535 - hazard - 10; } @@ -876,7 +880,7 @@ void _XSeqSyncFunction( return; } #endif /* NX_TRANS_SOCKET */ - if ((dpy->request - dpy->last_request_read) >= (65535 - BUFSIZE/SIZEOF(xReq))) { + if ((X_DPY_GET_REQUEST(dpy) - X_DPY_GET_LAST_REQUEST_READ(dpy)) >= (65535 - BUFSIZE/SIZEOF(xReq))) { GetEmptyReq(GetInputFocus, req); (void) _XReply (dpy, (xReply *)&rep, 0, xTrue); sync_while_locked(dpy); @@ -2072,9 +2076,9 @@ _XSetLastRequestRead( register Display *dpy, register xGenericReply *rep) { - register unsigned long newseq, lastseq; + register uint64_t newseq, lastseq; - lastseq = dpy->last_request_read; + lastseq = X_DPY_GET_LAST_REQUEST_READ(dpy); /* * KeymapNotify has no sequence number, but is always guaranteed * to immediately follow another event, except when generated via @@ -2083,30 +2087,31 @@ _XSetLastRequestRead( if ((rep->type & 0x7f) == KeymapNotify) return(lastseq); - newseq = (lastseq & ~((unsigned long)0xffff)) | rep->sequenceNumber; + newseq = (lastseq & ~((uint64_t)0xffff)) | rep->sequenceNumber; if (newseq < lastseq) { newseq += 0x10000; - if (newseq > dpy->request) { + if (newseq > X_DPY_GET_REQUEST(dpy)) { #ifdef NX_TRANS_SOCKET if (_NXLostSequenceFunction != NULL) - { - (*_NXLostSequenceFunction)(dpy, newseq, dpy->request, - (unsigned int) rep->type); - } - else + { + (*_NXLostSequenceFunction)(dpy, newseq, X_DPY_GET_REQUEST(dpy), + (unsigned int) rep->type); + } + else #endif /* #ifdef NX_TRANS_SOCKET */ - { - (void) fprintf (stderr, - "Xlib: sequence lost (0x%lx > 0x%lx) in reply type 0x%x!\n", - newseq, dpy->request, - (unsigned int) rep->type); - } + { + (void) fprintf (stderr, + "Xlib: sequence lost (0x%llx > 0x%llx) in reply type 0x%x!\n", + (unsigned long long)newseq, + (unsigned long long)(X_DPY_GET_REQUEST(dpy)), + (unsigned int) rep->type); + } newseq -= 0x10000; } } - dpy->last_request_read = newseq; + X_DPY_SET_LAST_REQUEST_READ(dpy, newseq); return(newseq); } @@ -2652,8 +2657,8 @@ XAddConnectionWatch( /* allocate new watch data */ for (info_list=dpy->im_fd_info; info_list; info_list=info_list->next) { - wd_array = Xrealloc(info_list->watch_data, - (dpy->watcher_count + 1) * sizeof(XPointer)); + wd_array = Xrealloc(info_list->watch_data, + (dpy->watcher_count + 1) * sizeof(XPointer)); if (!wd_array) { UnlockDisplay(dpy); return 0; @@ -2921,15 +2926,12 @@ void _XEnq( /* If dpy->qfree is non-NULL do this, else malloc a new one. */ dpy->qfree = qelt->next; } - else if ((qelt = Xmalloc(sizeof(_XQEvent))) == NULL) { + else if ((qelt = Xmalloc(sizeof(_XQEvent))) == NULL) { /* Malloc call failed! */ ESET(ENOMEM); -#ifdef NX_TRANS_SOCKET _XIOError(dpy); - +#ifdef NX_TRANS_SOCKET return; -#else - _XIOError(dpy); #endif } qelt->next = NULL; @@ -3590,10 +3592,10 @@ static int _XPrintDefaultError( mesg, BUFSIZ); fputs(" ", fp); (void) fprintf(fp, mesg, event->serial); - XGetErrorDatabaseText(dpy, mtype, "CurrentSerial", "Current Serial #%d", + XGetErrorDatabaseText(dpy, mtype, "CurrentSerial", "Current Serial #%lld", mesg, BUFSIZ); fputs("\n ", fp); - (void) fprintf(fp, mesg, dpy->request); + (void) fprintf(fp, mesg, (unsigned long long)(X_DPY_GET_REQUEST(dpy))); fputs("\n", fp); if (event->error_code == BadImplementation) return 0; return 1; @@ -3658,17 +3660,17 @@ int _XError ( return 0; if (_XErrorFunction != NULL) { int rtn_val; -#if defined(XTHREADS) && !USE_XCB +#ifdef XTHREADS if (dpy->lock) (*dpy->lock->user_lock_display)(dpy); UnlockDisplay(dpy); -#endif /* XTHREADS && !USE_XCB */ +#endif rtn_val = (*_XErrorFunction)(dpy, (XErrorEvent *)&event); /* upcall */ -#if defined(XTHREADS) && !USE_XCB +#ifdef XTHREADS LockDisplay(dpy); if (dpy->lock) (*dpy->lock->user_unlock_display)(dpy); -#endif /* XTHREADS && !USE_XCB */ +#endif return rtn_val; } else { return _XDefaultError(dpy, (XErrorEvent *)&event); @@ -3978,20 +3980,20 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) xReq *req; if (dpy->bufptr + len > dpy->bufmax) - _XFlush(dpy); + _XFlush(dpy); /* Request still too large, so do not allow it to overflow. */ if (dpy->bufptr + len > dpy->bufmax) { - fprintf(stderr, - "Xlib: request %d length %zd would exceed buffer size.\n", - type, len); - /* Changes failure condition from overflow to NULL dereference. */ - return NULL; + fprintf(stderr, + "Xlib: request %d length %zd would exceed buffer size.\n", + type, len); + /* Changes failure condition from overflow to NULL dereference. */ + return NULL; } if (len % 4) - fprintf(stderr, - "Xlib: request %d length %zd not a multiple of 4.\n", - type, len); + fprintf(stderr, + "Xlib: request %d length %zd not a multiple of 4.\n", + type, len); dpy->last_req = dpy->bufptr; @@ -3999,7 +4001,7 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) req->reqType = type; req->length = len / 4; dpy->bufptr += len; - dpy->request++; + X_DPY_REQUEST_INCREMENT(dpy); return req; } diff --git a/nx-X11/lib/src/xcms/LRGB.c b/nx-X11/lib/src/xcms/LRGB.c index 38cc6cfb4..4bfa3cfb1 100644 --- a/nx-X11/lib/src/xcms/LRGB.c +++ b/nx-X11/lib/src/xcms/LRGB.c @@ -795,6 +795,9 @@ LINEAR_RGB_InitSCCData( return(XcmsSuccess); +FreeBlueTblElements: + Xfree(pScreenData->pBlueTbl->pBase); + FreeBlueTbl: Xfree(pScreenData->pBlueTbl); diff --git a/nx-X11/lib/src/xcms/cmsColNm.c b/nx-X11/lib/src/xcms/cmsColNm.c index c6f1e0f31..829749112 100644 --- a/nx-X11/lib/src/xcms/cmsColNm.c +++ b/nx-X11/lib/src/xcms/cmsColNm.c @@ -314,7 +314,7 @@ field2( /* Find Field 1 */ while (!isgraph(*pBuf)) { - if ((*pBuf != '\n') || (*pBuf != '\0')) { + if ((*pBuf == '\n') || (*pBuf == '\0')) { return(XcmsFailure); } if (isspace(*pBuf) || (*pBuf == delim)) { diff --git a/nx-X11/lib/src/xcms/cmsProp.c b/nx-X11/lib/src/xcms/cmsProp.c index a7aa5b5c5..cb7bd10c6 100644 --- a/nx-X11/lib/src/xcms/cmsProp.c +++ b/nx-X11/lib/src/xcms/cmsProp.c @@ -142,6 +142,7 @@ _XcmsGetProperty( if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) { /* the property does not exist or is of an unexpected type or getting window property failed */ + XFree (prop_ret); return(XcmsFailure); } diff --git a/nx-X11/lib/src/xkb/XKBAlloc.c b/nx-X11/lib/src/xkb/XKBAlloc.c index 9c3430c1a..5621f713a 100644 --- a/nx-X11/lib/src/xkb/XKBAlloc.c +++ b/nx-X11/lib/src/xkb/XKBAlloc.c @@ -216,24 +216,22 @@ XkbFreeNames(XkbDescPtr xkb, unsigned which, Bool freeMap) type = map->types; for (i = 0; i < map->num_types; i++, type++) { - if (type->level_names != NULL) { _XkbFree(type->level_names); type->level_names = NULL; - } } } } - if ((which & XkbKeyNamesMask) && (names->keys != NULL)) { + if (which & XkbKeyNamesMask) { _XkbFree(names->keys); names->keys = NULL; names->num_keys = 0; } - if ((which & XkbKeyAliasesMask) && (names->key_aliases)) { + if (which & XkbKeyAliasesMask) { _XkbFree(names->key_aliases); names->key_aliases = NULL; names->num_key_aliases = 0; } - if ((which & XkbRGNamesMask) && (names->radio_groups)) { + if (which & XkbRGNamesMask) { _XkbFree(names->radio_groups); names->radio_groups = NULL; names->num_rg = 0; diff --git a/nx-X11/lib/src/xlibi18n/lcCT.c b/nx-X11/lib/src/xlibi18n/lcCT.c index 6e3f21e92..a2ff93c8a 100644 --- a/nx-X11/lib/src/xlibi18n/lcCT.c +++ b/nx-X11/lib/src/xlibi18n/lcCT.c @@ -1021,19 +1021,19 @@ cstoct( ) { while (csstr_len > 0 && ct_len > 0) { unsigned char ch = * (const unsigned char *) csptr; - int char_size = (ch < 0xc0 ? 1 : + int ch_size = (ch < 0xc0 ? 1 : ch < 0xe0 ? 2 : ch < 0xf0 ? 3 : ch < 0xf8 ? 4 : ch < 0xfc ? 5 : 6); int i; - if (!(csstr_len >= char_size && ct_len >= char_size)) + if (!(csstr_len >= ch_size && ct_len >= ch_size)) break; - for (i = char_size; i > 0; i--) + for (i = ch_size; i > 0; i--) *ctptr++ = *csptr++; - csstr_len -= char_size; - ct_len -= char_size; + csstr_len -= ch_size; + ct_len -= ch_size; } } else { while (csstr_len > 0 && ct_len > 0) { diff --git a/nx-X11/lib/src/xlibi18n/lcDB.c b/nx-X11/lib/src/xlibi18n/lcDB.c index cc14bed72..eb46f8fbd 100644 --- a/nx-X11/lib/src/xlibi18n/lcDB.c +++ b/nx-X11/lib/src/xlibi18n/lcDB.c @@ -781,7 +781,7 @@ f_right_brace( case S_VALUE: if (! store_to_database(db)) return 0; - /* fall into next case */ + /* fall through - to next case */ case S_CATEGORY: if (parse_info.name[parse_info.nest_depth] != NULL) { Xfree(parse_info.name[parse_info.nest_depth]); diff --git a/nx-X11/lib/src/xlibi18n/lcGeneric.c b/nx-X11/lib/src/xlibi18n/lcGeneric.c index 58ee5d27c..f816fee77 100644 --- a/nx-X11/lib/src/xlibi18n/lcGeneric.c +++ b/nx-X11/lib/src/xlibi18n/lcGeneric.c @@ -77,6 +77,7 @@ create( return lcd; err: + Xfree(lcd->core); Xfree(lcd); return (XLCd) NULL; } diff --git a/nx-X11/lib/src/xlibi18n/lcPublic.c b/nx-X11/lib/src/xlibi18n/lcPublic.c index 98a7435fd..f35f17a63 100644 --- a/nx-X11/lib/src/xlibi18n/lcPublic.c +++ b/nx-X11/lib/src/xlibi18n/lcPublic.c @@ -97,6 +97,7 @@ create( return lcd; err: + Xfree(lcd->core); Xfree(lcd); return (XLCd) NULL; } -- cgit v1.2.3 From 701e702a121029098a6123bee9e43a9b81f4b3d9 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Mon, 22 Oct 2018 22:44:23 +0200 Subject: libNX_X11: upgrade to X.org upstream version 1.6.7 This commit is the only change between Xorg's libX11 1.6.6 and 1.6.7 that affects our code. So were are effectively now on par with libX11 1.6.7 (commit f3c978476e0be6813268af494efb7ac507451116) From: Bhavi Dhingra Date: Mon, 28 Sep 2015 08:33:40 +0000 Subject: [PATCH] XcmsLookupColor: fully initialize XColor structs passed to _XColor_to_XcmsRGB Fixes https://gitlab.freedesktop.org/xorg/lib/libx11/issues/44 aka https://bugs.freedesktop.org/show_bug.cgi?id=92154 Reviewed-by: Alan Coopersmith Signed-off-by: Alan Coopersmith --- nx-X11/lib/src/xcms/cmsLkCol.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nx-X11/lib/src/xcms/cmsLkCol.c b/nx-X11/lib/src/xcms/cmsLkCol.c index 15e987424..a81c4cbf0 100644 --- a/nx-X11/lib/src/xcms/cmsLkCol.c +++ b/nx-X11/lib/src/xcms/cmsLkCol.c @@ -76,7 +76,8 @@ XcmsLookupColor ( register int n; xLookupColorReply reply; register xLookupColorReq *req; - XColor def, scr; + XColor def = {0,}; + XColor scr = {0,}; /* * 0. Check for invalid arguments. -- cgit v1.2.3