25 files changed, 150 insertions, 101 deletions
diff --git a/libX11/specs/libX11/AppC.xml b/libX11/specs/libX11/AppC.xml index df250275e..0b37048f1 100644 --- a/libX11/specs/libX11/AppC.xml +++ b/libX11/specs/libX11/AppC.xml @@ -2468,7 +2468,9 @@ which is the same as <function>GetReq</function> except that it takes an additional argument (the number of extra bytes to allocate in the output buffer after the request structure). -This number should always be a multiple of four. +This number should always be a multiple of four. Note that it is possible +for req to be set to NULL as a defensive measure if the requested length +exceeds the Xlib's buffer size (normally 16K). </para> </sect2> <sect2 id="Variable_Length_Arguments"> diff --git a/libX11/src/Host.c b/libX11/src/Host.c index da9923a9e..da5e2f7d3 100644 --- a/libX11/src/Host.c +++ b/libX11/src/Host.c @@ -83,6 +83,10 @@ XAddHost ( LockDisplay(dpy); GetReqExtra (ChangeHosts, length, req); + if (!req) { + UnlockDisplay(dpy); + return 0; + } req->mode = HostInsert; req->hostFamily = host->family; req->hostLength = addrlen; @@ -118,6 +122,10 @@ XRemoveHost ( LockDisplay(dpy); GetReqExtra (ChangeHosts, length, req); + if (!req) { + UnlockDisplay(dpy); + return 0; + } req->mode = HostDelete; req->hostFamily = host->family; req->hostLength = addrlen; diff --git a/libX11/src/ModMap.c b/libX11/src/ModMap.c index 04cd676eb..836a67621 100644 --- a/libX11/src/ModMap.c +++ b/libX11/src/ModMap.c @@ -65,9 +65,9 @@ XGetModifierMapping(register Display *dpy) /* * Returns: - * 0 Success - * 1 Busy - one or more old or new modifiers are down - * 2 Failed - one or more new modifiers unacceptable + * MappingSuccess (0) Success + * MappingBusy (1) Busy - one or more old or new modifiers are down + * MappingFailed (2) Failed - one or more new modifiers unacceptable */ int XSetModifierMapping( 
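Review bot: The `if (!req)` early return added to XAddHost has no comment saying when GetReqExtra can leave req NULL, so the check reads as dead code to anyone who has not seen the _XGetRequest change in XlibInt.c. A one-line comment above it, such as `/* GetReqExtra leaves req NULL when length does not fit in the Xlib output buffer */`, would document the condition at the call site. The same applies to the identical check in XRemoveHost and to the `return MappingFailed;` path added to XSetModifierMapping in ModMap.c. All three function bodies continue outside their hunks, so how the callers treat the 0 / MappingFailed result cannot be confirmed from here.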
@@ -80,6 +80,10 @@ XSetModifierMapping( LockDisplay(dpy); GetReqExtra(SetModifierMapping, mapSize, req); + if (!req) { + UnlockDisplay(dpy); + return MappingFailed; + } req->numKeyPerModifier = modifier_map->max_keypermod; diff --git a/libX11/src/XlibInt.c b/libX11/src/XlibInt.c index 92a434004..7521f12ad 100644 --- a/libX11/src/XlibInt.c +++ b/libX11/src/XlibInt.c @@ -1733,6 +1733,14 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) if (dpy->bufptr + len > dpy->bufmax) _XFlush(dpy); + /* Request still too large, so do not allow it to overflow. */ + if (dpy->bufptr + len > dpy->bufmax) { + fprintf(stderr, + "Xlib: request %d length %zd would exceed buffer size.\n", + type, len); + /* Changes failure condition from overflow to NULL dereference. */ + return NULL; + } if (len % 4) fprintf(stderr, diff --git a/libXmu/src/CrCmap.c b/libXmu/src/CrCmap.c index 9cb5c81c0..4414b1f27 100644 --- a/libXmu/src/CrCmap.c +++ b/libXmu/src/CrCmap.c @@ -496,7 +496,7 @@ RWcell(Display *dpy, Colormap cmap, XColor *color, XColor *request, static int compare(_Xconst void *e1, _Xconst void *e2) { - return ((int)(*(long *)e1 - *(long *)e2)); + return ((int)(*(_Xconst long *)e1 - *(_Xconst long *)e2)); } diff --git a/libXmu/src/LocBitmap.c b/libXmu/src/LocBitmap.c index 1d8b19828..229d0fde4 100644 --- a/libXmu/src/LocBitmap.c +++ b/libXmu/src/LocBitmap.c @@ -150,7 +150,7 @@ XmuLocatePixmapFile(Screen *screen, _Xconst char *name, */ for (i = 1; i <= 4; i++) { - char *fn = filename; + const char *fn = filename; Pixmap pixmap; unsigned char *data; @@ -158,7 +158,7 @@ XmuLocatePixmapFile(Screen *screen, _Xconst char *name, case 1: if (!(name[0] == '/' || ((name[0] == '.') && name[1] == '/'))) continue; - fn = (char *) name; + fn = name; try_plain_name = False; break; case 2: @@ -175,7 +175,7 @@ XmuLocatePixmapFile(Screen *screen, _Xconst char *name, break; case 4: if (!try_plain_name) continue; - fn = (char *) name; + fn = name; break; } 
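Review bot: The new guard in _XGetRequest repeats `dpy->bufptr + len > dpy->bufmax`, which forms a pointer beyond the end of the buffer before comparing; for a very large len that addition can wrap and the test passes, which is the overflow the guard is meant to stop. Comparing sizes avoids the problem: `if (len > (size_t)(dpy->bufmax - dpy->bufptr)) {`. The message prints a size_t with `%zd`, where `%zu` is the matching conversion. As the added comment itself says, callers that do not test the result now dereference NULL, so every GetReq-family call site whose length is caller-controlled needs the check that Host.c and ModMap.c gain in this commit. The function body continues outside the hunk.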
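Review bot: compare() in CrCmap.c still narrows the difference of two longs to int, so where long is wider than int the result can be truncated to zero or to the wrong sign, and the subtraction itself can overflow; adding the _Xconst casts does not change that. Returning the ordering directly avoids both: read the operands with `_Xconst long a = *(_Xconst long *)e1, b = *(_Xconst long *)e2;` and finish with `return (a > b) - (a < b);`. What the comparator sorts is outside the hunk, so whether values far enough apart to trigger this occur in practice needs confirming against the caller.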
diff --git a/libXmu/src/Lower.c b/libXmu/src/Lower.c index d3aaaf3ee..d33d20442 100644 --- a/libXmu/src/Lower.c +++ b/libXmu/src/Lower.c @@ -60,9 +60,10 @@ in this Software without prior written authorization from The Open Group. void XmuCopyISOLatin1Lowered(char *dst, _Xconst char *src) { - register unsigned char *dest, *source; + unsigned char *dest; + _Xconst unsigned char *source; - for (dest = (unsigned char *)dst, source = (unsigned char *)src; + for (dest = (unsigned char *)dst, source = (_Xconst unsigned char *)src; *source; source++, dest++) *dest = XmuTolower(*source); @@ -72,9 +73,10 @@ XmuCopyISOLatin1Lowered(char *dst, _Xconst char *src) void XmuCopyISOLatin1Uppered(char *dst, _Xconst char *src) { - register unsigned char *dest, *source; + unsigned char *dest; + _Xconst unsigned char *source; - for (dest = (unsigned char *)dst, source = (unsigned char *)src; + for (dest = (unsigned char *)dst, source = (_Xconst unsigned char *)src; *source; source++, dest++) *dest = XmuToupper(*source); @@ -84,9 +86,9 @@ XmuCopyISOLatin1Uppered(char *dst, _Xconst char *src) int XmuCompareISOLatin1(_Xconst char *first, _Xconst char *second) { - register unsigned char *ap, *bp; + _Xconst unsigned char *ap, *bp; - for (ap = (unsigned char *)first, bp = (unsigned char *)second; + for (ap = (_Xconst unsigned char *)first, bp = (_Xconst unsigned char *)second; *ap && *bp && XmuTolower(*ap) == XmuTolower(*bp); ap++, bp++) ; @@ -97,11 +99,12 @@ XmuCompareISOLatin1(_Xconst char *first, _Xconst char *second) void XmuNCopyISOLatin1Lowered(char *dst, _Xconst char *src, register int size) { - register unsigned char *dest, *source; + unsigned char *dest; + _Xconst unsigned char *source; if (size > 0) { - for (dest = (unsigned char *)dst, source = (unsigned char *)src; + for (dest = (unsigned char *)dst, source = (_Xconst unsigned char *)src; *source && size > 1; source++, dest++, size--) *dest = XmuTolower(*source); 
@@ -112,11 +115,12 @@ XmuNCopyISOLatin1Lowered(char *dst, _Xconst char *src, register int size) void XmuNCopyISOLatin1Uppered(char *dst, _Xconst char *src, register int size) { - register unsigned char *dest, *source; + unsigned char *dest; + _Xconst unsigned char *source; if (size > 0) { - for (dest = (unsigned char *)dst, source = (unsigned char *)src; + for (dest = (unsigned char *)dst, source = ( _Xconst unsigned char *)src; *source && size > 1; source++, dest++, size--) *dest = XmuToupper(*source); diff --git a/libXmu/src/WidgetNode.c b/libXmu/src/WidgetNode.c index db295bf15..037eb0cdf 100644 --- a/libXmu/src/WidgetNode.c +++ b/libXmu/src/WidgetNode.c @@ -86,8 +86,8 @@ static int compare_resource_entries(register _Xconst void *a, register _Xconst void *b) { - return strcmp (((XtResourceList)a)->resource_name, - ((XtResourceList)b)->resource_name); + return strcmp (((_Xconst XtResource *)a)->resource_name, + ((_Xconst XtResource *)b)->resource_name); } diff --git a/mesalib/Makefile.am b/mesalib/Makefile.am index 29405a0fd..63e02c6a0 100644 --- a/mesalib/Makefile.am +++ b/mesalib/Makefile.am @@ -26,12 +26,6 @@ ACLOCAL_AMFLAGS = -I m4 doxygen: cd doxygen && $(MAKE) -check-local: - $(MAKE) -C src/mapi/glapi/tests check - $(MAKE) -C src/mapi/shared-glapi/tests check - $(MAKE) -C src/mesa/main/tests check - $(MAKE) -C src/glx/tests check - .PHONY: doxygen # Rules for making release tarballs diff --git a/mesalib/configure.ac b/mesalib/configure.ac index 35f6797ee..21a1986b2 100644 --- a/mesalib/configure.ac +++ b/mesalib/configure.ac 
@@ -618,19 +618,19 @@ AC_ARG_ENABLE([opencl], @<:@default=no@:>@])], [], [enable_opencl=no]) -AC_ARG_ENABLE([xlib_glx], +AC_ARG_ENABLE([xlib-glx], [AS_HELP_STRING([--enable-xlib-glx], [make GLX library Xlib-based instead of DRI-based @<:@default=disabled@:>@])], [enable_xlib_glx="$enableval"], [enable_xlib_glx=no]) -AC_ARG_ENABLE([gallium_egl], +AC_ARG_ENABLE([gallium-egl], [AS_HELP_STRING([--enable-gallium-egl], [enable optional EGL state tracker (not required for EGL support in Gallium with OpenGL and OpenGL ES) @<:@default=disable@:>@])], [enable_gallium_egl="$enableval"], [enable_gallium_egl=no]) -AC_ARG_ENABLE([gallium_gbm], +AC_ARG_ENABLE([gallium-gbm], [AS_HELP_STRING([--enable-gallium-gbm], [enable optional gbm state tracker (not required for gbm support in Gallium) @@ -644,7 +644,7 @@ AC_ARG_ENABLE([r600-llvm-compiler], [enable_r600_llvm="$enableval"], [enable_r600_llvm=no]) -AC_ARG_ENABLE([gallium_tests], +AC_ARG_ENABLE([gallium-tests], [AS_HELP_STRING([--enable-gallium-tests], [Enable optional Gallium tests) @<:@default=disable@:>@])], [enable_gallium_tests="$enableval"], @@ -1423,8 +1423,6 @@ AC_ARG_WITH([egl-platforms], with_egl_platforms="" fi]) -EGL_PLATFORMS="" - if test "x$with_egl_platforms" != "x" -a "x$enable_egl" != xyes; then AC_MSG_ERROR([cannot build egl state tracker without EGL library]) fi @@ -1478,8 +1476,6 @@ else EGL_NATIVE_PLATFORM="_EGL_INVALID_PLATFORM" fi -EGL_PLATFORMS="$egl_platforms" - if echo "$egl_platforms" | grep 'x11' >/dev/null 2>&1; then NEED_WINSYS_XLIB=yes fi @@ -1493,7 +1489,6 @@ AM_CONDITIONAL(HAVE_EGL_DRIVER_DRI2, test "x$HAVE_EGL_DRIVER_DRI2" != "x") AM_CONDITIONAL(HAVE_EGL_DRIVER_GLX, test "x$HAVE_EGL_DRIVER_GLX" != "x") AC_SUBST([EGL_NATIVE_PLATFORM]) -AC_SUBST([EGL_PLATFORMS]) AC_SUBST([EGL_CFLAGS]) # If we don't have the X11 platform, set this define so we don't try to include 
@@ -2184,7 +2179,7 @@ dnl EGL echo "" echo " EGL: $enable_egl" if test "$enable_egl" = yes; then - echo " EGL platforms: $EGL_PLATFORMS" + echo " EGL platforms: $egl_platforms" egl_drivers="" if test "x$HAVE_EGL_DRIVER_GLX" != "x"; then diff --git a/mesalib/docs/GL3.txt b/mesalib/docs/GL3.txt index f2152a31e..64986ea73 100644 --- a/mesalib/docs/GL3.txt +++ b/mesalib/docs/GL3.txt @@ -156,5 +156,19 @@ ARB_texture_view not started ARB_vertex_attrib_binding not started +GL 4.4: + +GLSL 4.4 not started +MAX_VERTEX_ATTRIB_STRIDE not started +ARB_buffer_storage not started +ARB_clear_texture not started +ARB_enhanced_layouts not started +ARB_multi_bind not started +ARB_query_buffer_object not started +ARB_texture_mirror_clamp_to_edge not started +ARB_texture_stencil8 not started +ARB_vertex_type_10f_11f_11f_rev not started + + More info about these features and the work involved can be found at http://dri.freedesktop.org/wiki/MissingFunctionality diff --git a/mesalib/src/mapi/glapi/Makefile.am b/mesalib/src/mapi/glapi/Makefile.am index 1698d1474..05c67a6d4 100644 --- a/mesalib/src/mapi/glapi/Makefile.am +++ b/mesalib/src/mapi/glapi/Makefile.am @@ -19,6 +19,8 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. +SUBDIRS = . tests + TOP = $(top_srcdir) include Makefile.sources include ../Makefile.sources diff --git a/mesalib/src/mesa/Makefile.am b/mesalib/src/mesa/Makefile.am index d5f5f5b86..e9c16e78e 100644 --- a/mesalib/src/mesa/Makefile.am +++ b/mesalib/src/mesa/Makefile.am @@ -23,7 +23,7 @@ if NEED_LIBDRICORE DRICORE_SUBDIR = libdricore endif -SUBDIRS = program x86 x86-64 . $(DRICORE_SUBDIR) +SUBDIRS = program x86 x86-64 . $(DRICORE_SUBDIR) main/tests if HAVE_X11_DRIVER SUBDIRS += drivers/x11 diff --git a/xorg-server/configure.ac b/xorg-server/configure.ac index 89a7a9db9..75281f001 100644 --- a/xorg-server/configure.ac +++ b/xorg-server/configure.ac 
@@ -2003,7 +2003,7 @@ AM_CONDITIONAL(STANDALONE_XPBPROXY, [test "x$STANDALONE_XPBPROXY" = xyes]) dnl DMX DDX PKG_CHECK_MODULES( [DMXMODULES], - [xmuu $LIBXEXT x11 xrender xfixes $LIBXI $DMXPROTO xau $XDMCP_MODULES], + [xmuu $LIBXEXT x11 >= 1.6 xrender xfixes $LIBXI $DMXPROTO xau $XDMCP_MODULES], [PKG_CHECK_MODULES( [XDMXCONFIG_DEP], [xaw7 xmu xt xpm x11], @@ -2112,7 +2112,7 @@ if test "$KDRIVE" = yes; then AC_DEFINE(KDRIVE_MOUSE, 1, [Enable KDrive mouse driver]) fi - XEPHYR_REQUIRED_LIBS="x11 $LIBXEXT xau xdmcp" + XEPHYR_REQUIRED_LIBS="x11 >= 1.6 $LIBXEXT xau xdmcp" if test "x$XV" = xyes; then XEPHYR_REQUIRED_LIBS="$XEPHYR_REQUIRED_LIBS xv" fi diff --git a/xorg-server/dix/getevents.c b/xorg-server/dix/getevents.c index 51d4fd4da..f5ab8c458 100644 --- a/xorg-server/dix/getevents.c +++ b/xorg-server/dix/getevents.c @@ -773,7 +773,7 @@ add_to_scroll_valuator(DeviceIntPtr dev, ValuatorMask *mask, int valuator, doubl static void scale_for_device_resolution(DeviceIntPtr dev, ValuatorMask *mask) { - double x; + double y; ValuatorClassPtr v = dev->valuator; int xrange = v->axes[0].max_value - v->axes[0].min_value + 1; int yrange = v->axes[1].max_value - v->axes[1].min_value + 1; @@ -783,14 +783,14 @@ scale_for_device_resolution(DeviceIntPtr dev, ValuatorMask *mask) double resolution_ratio = 1.0; double ratio; - if (!valuator_mask_fetch_double(mask, 0, &x)) + if (!valuator_mask_fetch_double(mask, 1, &y)) return; if (v->axes[0].resolution != 0 && v->axes[1].resolution != 0) resolution_ratio = 1.0 * v->axes[0].resolution/v->axes[1].resolution; ratio = device_ratio/resolution_ratio/screen_ratio; - valuator_mask_set_double(mask, 0, x * ratio); + valuator_mask_set_double(mask, 1, y / ratio); } /** diff --git a/xorg-server/hw/dmx/dmx_glxvisuals.c b/xorg-server/hw/dmx/dmx_glxvisuals.c index f903b7491..56bd67b6e 100644 --- a/xorg-server/hw/dmx/dmx_glxvisuals.c +++ b/xorg-server/hw/dmx/dmx_glxvisuals.c 
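Review bot: `valuator_mask_set_double(mask, 1, y / ratio)` in scale_for_device_resolution divides by a value that is never checked for zero. ratio is built from device_ratio and screen_ratio, which are computed between the two hunks and are not visible here; if a degenerate axis range or screen size can make it 0, y becomes infinite or NaN and is written back into the mask. A guard before the store, `if (ratio == 0.0) return;`, would keep a bad device description from producing a non-finite coordinate. A short comment saying why the y axis is now scaled by 1/ratio instead of x by ratio would also help, since the hunk reverses the earlier behaviour without explanation.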
@@ -37,6 +37,7 @@ #include <GL/glxproto.h> #include <X11/extensions/Xext.h> #include <X11/extensions/extutil.h> +#include <limits.h> #include "dmx_glxvisuals.h" @@ -84,7 +85,10 @@ GetGLXVisualConfigs(Display * dpy, int screen, int *nconfigs) SyncHandle(); return NULL; } - props = (INT32 *) Xmalloc(nprops * __GLX_SIZE_CARD32); + if (nprops < (INT_MAX / __GLX_SIZE_CARD32)) + props = Xmalloc(nprops * __GLX_SIZE_CARD32); + else + props = NULL; if (!props) { UnlockDisplay(dpy); SyncHandle(); @@ -92,15 +96,16 @@ GetGLXVisualConfigs(Display * dpy, int screen, int *nconfigs) } /* Allocate memory for our config structure */ - config = (__GLXvisualConfig *) - Xmalloc(nvisuals * sizeof(__GLXvisualConfig)); + if (nvisuals < (INT_MAX / sizeof(__GLXvisualConfig))) + config = Xcalloc(nvisuals, sizeof(__GLXvisualConfig)); + else + config = NULL; if (!config) { free(props); UnlockDisplay(dpy); SyncHandle(); return NULL; } - memset(config, 0, nvisuals * sizeof(__GLXvisualConfig)); configs = config; num_good_visuals = 0; @@ -274,7 +279,10 @@ GetGLXFBConfigs(Display * dpy, int glxMajorOpcode, int *nconfigs) return NULL; } - attrs = (INT32 *) Xmalloc(2 * numAttribs * __GLX_SIZE_CARD32); + if (numAttribs < (INT_MAX / (2 * __GLX_SIZE_CARD32))) + attrs = Xmalloc(2 * numAttribs * __GLX_SIZE_CARD32); + else + attrs = NULL; if (!attrs) { UnlockDisplay(dpy); SyncHandle(); @@ -282,15 +290,16 @@ GetGLXFBConfigs(Display * dpy, int glxMajorOpcode, int *nconfigs) } /* Allocate memory for our config structure */ - config = (__GLXFBConfig *) - Xmalloc(numFBConfigs * sizeof(__GLXFBConfig)); + if (numFBConfigs < (INT_MAX / sizeof(__GLXFBConfig))) + config = Xcalloc(numFBConfigs, sizeof(__GLXFBConfig)); + else + config = NULL; if (!config) { free(attrs); UnlockDisplay(dpy); SyncHandle(); return NULL; } - memset(config, 0, numFBConfigs * sizeof(__GLXFBConfig)); fbconfigs = config; /* Convert attribute list into our format */ 
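Review bot: The size checks added in GetGLXVisualConfigs bound the counts only from above, and `nprops < (INT_MAX / __GLX_SIZE_CARD32)` is a signed comparison if nprops is declared int (the declaration is outside the hunk), so a negative count taken from the reply would pass and be converted to a very large size in `Xmalloc(nprops * __GLX_SIZE_CARD32)`. That allocation will most likely fail and hit the existing NULL path, but the test should not depend on it: `if (nprops >= 0 && nprops < (INT_MAX / __GLX_SIZE_CARD32))`. The `numAttribs` check in GetGLXFBConfigs has the same shape. The nvisuals and numFBConfigs checks compare against a size_t expression, so a negative value is rejected there only through implicit conversion, which is worth a comment.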
diff --git a/xorg-server/hw/dmx/glxProxy/glxcmds.c b/xorg-server/hw/dmx/glxProxy/glxcmds.c index 45382748f..8cdb25ec6 100644 --- a/xorg-server/hw/dmx/glxProxy/glxcmds.c +++ b/xorg-server/hw/dmx/glxProxy/glxcmds.c @@ -2582,7 +2582,6 @@ __glXQueryExtensionsString(__GLXclientState * cl, GLbyte * pc) xGLXQueryExtensionsStringReply be_reply; DMXScreenInfo *dmxScreen; Display *dpy; - int slop; #endif screen = req->screen; @@ -2608,16 +2607,13 @@ __glXQueryExtensionsString(__GLXclientState * cl, GLbyte * pc) _XReply(dpy, (xReply *) &be_reply, 0, False); len = (int) be_reply.length; numbytes = (int) be_reply.n; - slop = numbytes * __GLX_SIZE_INT8 & 3; be_buf = (char *) malloc(numbytes); if (!be_buf) { /* Throw data on the floor */ - _XEatData(dpy, len); + _XEatDataWords(dpy, len); } else { - _XRead(dpy, (char *) be_buf, numbytes); - if (slop) - _XEatData(dpy, 4 - slop); + _XReadPad(dpy, (char *) be_buf, numbytes); } UnlockDisplay(dpy); SyncHandle(); @@ -2666,7 +2662,6 @@ __glXQueryServerString(__GLXclientState * cl, GLbyte * pc) xGLXQueryServerStringReply be_reply; DMXScreenInfo *dmxScreen; Display *dpy; - int slop; #endif name = req->name; @@ -2693,16 +2688,13 @@ __glXQueryServerString(__GLXclientState * cl, GLbyte * pc) _XReply(dpy, (xReply *) &be_reply, 0, False); len = (int) be_reply.length; numbytes = (int) be_reply.n; - slop = numbytes * __GLX_SIZE_INT8 & 3; be_buf = (char *) malloc(numbytes); if (!be_buf) { /* Throw data on the floor */ - _XEatData(dpy, len); + _XEatDataWords(dpy, len); } else { - _XRead(dpy, (char *) be_buf, numbytes); - if (slop) - _XEatData(dpy, 4 - slop); + _XReadPad(dpy, (char *) be_buf, numbytes); } UnlockDisplay(dpy); SyncHandle(); diff --git a/xorg-server/hw/dmx/glxProxy/glxscreens.c b/xorg-server/hw/dmx/glxProxy/glxscreens.c index 2a1909244..138afedf2 100644 --- a/xorg-server/hw/dmx/glxProxy/glxscreens.c +++ b/xorg-server/hw/dmx/glxProxy/glxscreens.c 
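Review bot: In __glXQueryExtensionsString, numbytes is taken straight from be_reply.n and passed to malloc() and _XReadPad() without being compared with the reply length, so a back-end reply whose n is negative after the int cast, or larger than the payload described by be_reply.length, makes the proxy read an amount the reply does not contain. A check before the allocation, `if (be_reply.n > (be_reply.length << 2))` with be_reply.length itself bounded so the shift cannot wrap, followed by `_XEatDataWords(dpy, len)` and an error return, would mirror the `numbytes > length` test this commit adds to ephyrHostGLXGetStringFromServer. The same applies to __glXQueryServerString further down and to CalcServerVersionAndExtensions in glxscreens.c. What happens after be_buf is NULL is outside the hunks.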
@@ -138,7 +138,7 @@ CalcServerVersionAndExtensions(void) Display *dpy = dmxScreen->beDisplay; xGLXQueryServerStringReq *req; xGLXQueryServerStringReply reply; - int length, numbytes, slop; + int length, numbytes; /* Send the glXQueryServerString request */ LockDisplay(dpy); @@ -151,16 +151,13 @@ CalcServerVersionAndExtensions(void) length = (int) reply.length; numbytes = (int) reply.n; - slop = numbytes * __GLX_SIZE_INT8 & 3; be_extensions[s] = (char *) malloc(numbytes); if (!be_extensions[s]) { /* Throw data on the floor */ - _XEatData(dpy, length); + _XEatDataWords(dpy, length); } else { - _XRead(dpy, (char *) be_extensions[s], numbytes); - if (slop) - _XEatData(dpy, 4 - slop); + _XReadPad(dpy, (char *) be_extensions[s], numbytes); } UnlockDisplay(dpy); SyncHandle(); diff --git a/xorg-server/hw/dmx/glxProxy/glxsingle.c b/xorg-server/hw/dmx/glxProxy/glxsingle.c index e60cfeb70..abfb880a3 100644 --- a/xorg-server/hw/dmx/glxProxy/glxsingle.c +++ b/xorg-server/hw/dmx/glxProxy/glxsingle.c @@ -258,7 +258,7 @@ __glXForwardPipe0WithReply(__GLXclientState * cl, GLbyte * pc) } else { /* Throw data on the floor */ - _XEatData(dpy, be_buf_size); + _XEatDataWords(dpy, be_reply.length); return BadAlloc; } } @@ -357,7 +357,7 @@ __glXForwardAllWithReply(__GLXclientState * cl, GLbyte * pc) } else { /* Throw data on the floor */ - _XEatData(dpy, be_buf_size); + _XEatDataWords(dpy, be_reply.length); return BadAlloc; } } @@ -993,7 +993,7 @@ __glXDisp_ReadPixels(__GLXclientState * cl, GLbyte * pc) } else { /* Throw data on the floor */ - _XEatData(dpy, be_buf_size); + _XEatDataWords(dpy, be_reply.length); free(buf); return BadAlloc; } diff --git a/xorg-server/hw/dmx/glxProxy/glxvendor.c b/xorg-server/hw/dmx/glxProxy/glxvendor.c index 5777c6acc..50d505c4b 100644 --- a/xorg-server/hw/dmx/glxProxy/glxvendor.c +++ b/xorg-server/hw/dmx/glxProxy/glxvendor.c 
@@ -246,7 +246,7 @@ __glXVForwardPipe0WithReply(__GLXclientState * cl, GLbyte * pc) } else { /* Throw data on the floor */ - _XEatData(dpy, be_buf_size); + _XEatDataWords(dpy, be_reply.length); return BadAlloc; } } @@ -340,7 +340,7 @@ __glXVForwardAllWithReply(__GLXclientState * cl, GLbyte * pc) } else { /* Throw data on the floor */ - _XEatData(dpy, be_buf_size); + _XEatDataWords(dpy, be_reply.length); return BadAlloc; } } diff --git a/xorg-server/hw/kdrive/ephyr/XF86dri.c b/xorg-server/hw/kdrive/ephyr/XF86dri.c index 9d742f394..15b62191f 100644 --- a/xorg-server/hw/kdrive/ephyr/XF86dri.c +++ b/xorg-server/hw/kdrive/ephyr/XF86dri.c @@ -64,6 +64,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #include <GL/glx.h> #include "xf86dri.h" #include <X11/dri/xf86driproto.h> +#include <limits.h> static XExtensionInfo _xf86dri_info_data; static XExtensionInfo *xf86dri_info = &_xf86dri_info_data; @@ -225,8 +226,12 @@ XF86DRIOpenConnection(Display * dpy, int screen, } if (rep.length) { - if (!(*busIdString = (char *) calloc(rep.busIdStringLength + 1, 1))) { - _XEatData(dpy, ((rep.busIdStringLength + 3) & ~3)); + if (rep.busIdStringLength < INT_MAX) + *busIdString = calloc(rep.busIdStringLength + 1, 1); + else + *busIdString = NULL; + if (*busIdString == NULL) { + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); TRACE("OpenConnection... return False"); @@ -323,10 +328,12 @@ XF86DRIGetClientDriverName(Display * dpy, int screen, *ddxDriverPatchVersion = rep.ddxDriverPatchVersion; if (rep.length) { - if (! - (*clientDriverName = - (char *) calloc(rep.clientDriverNameLength + 1, 1))) { - _XEatData(dpy, ((rep.clientDriverNameLength + 3) & ~3)); + if (rep.clientDriverNameLength < INT_MAX) + *clientDriverName = calloc(rep.clientDriverNameLength + 1, 1); + else + *clientDriverName = NULL; + if (*clientDriverName == NULL) { + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); TRACE("GetClientDriverName... return False"); 
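Review bot: In XF86DRIOpenConnection the new `rep.busIdStringLength < INT_MAX` test only keeps the `+ 1` in the calloc() size from wrapping; it does not tie the string length to the amount of data the reply carries. The read that fills *busIdString is outside the hunk, but if it uses busIdStringLength as its count, a reply whose length field is smaller than the string length would leave the client consuming bytes that belong to the next reply. Checking `rep.busIdStringLength <= (rep.length << 2)` alongside the INT_MAX bound, with rep.length bounded first, would cover that in the same way the ephyrhostglx.c change compares numbytes with length. XF86DRIGetClientDriverName has the same pattern with clientDriverNameLength.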
@@ -532,7 +539,7 @@ XF86DRIGetDrawableInfo(Display * dpy, int screen, Drawable drawable, SIZEOF(xGenericReply) + total_rects * sizeof(drm_clip_rect_t)) + 3) & ~3) >> 2)) { - _XEatData(dpy, rep.length); + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); TRACE("GetDrawableInfo... return False"); @@ -606,7 +613,7 @@ XF86DRIGetDeviceInfo(Display * dpy, int screen, drm_handle_t * hFrameBuffer, if (rep.length) { if (!(*pDevPrivate = (void *) calloc(rep.devPrivateSize, 1))) { - _XEatData(dpy, ((rep.devPrivateSize + 3) & ~3)); + _XEatDataWords(dpy, rep.length); UnlockDisplay(dpy); SyncHandle(); TRACE("GetDeviceInfo... return False"); diff --git a/xorg-server/hw/kdrive/ephyr/ephyrhostglx.c b/xorg-server/hw/kdrive/ephyr/ephyrhostglx.c index 5c6c40f0b..6a4392fee 100644 --- a/xorg-server/hw/kdrive/ephyr/ephyrhostglx.c +++ b/xorg-server/hw/kdrive/ephyr/ephyrhostglx.c @@ -137,7 +137,7 @@ ephyrHostGLXQueryVersion(int *a_major, int *a_minor) } /** - * GLX protocol structure for the ficticious "GXLGenericGetString" request. + * GLX protocol structure for the ficticious "GLXGenericGetString" request. * * This is a non-existant protocol packet. It just so happens that all of * the real protocol packets used to request a string from the server have @@ -169,7 +169,8 @@ ephyrHostGLXGetStringFromServer(int a_screen_number, int default_screen = DefaultScreen(dpy); xGLXGenericGetStringReq *req = NULL; xGLXSingleReply reply; - int length = 0, numbytes = 0, major_opcode = 0, get_string_op = 0; + unsigned long length = 0, numbytes = 0; + int major_opcode = 0, get_string_op = 0; EPHYR_RETURN_VAL_IF_FAIL(dpy && a_string, FALSE); 
@@ -209,36 +210,48 @@ ephyrHostGLXGetStringFromServer(int a_screen_number, _XReply(dpy, (xReply *) &reply, 0, False); - length = reply.length * 4; - if (!length) { - numbytes = 0; +#if UINT32_MAX >= (ULONG_MAX / 4) + if (reply.length >= (ULONG_MAX / 4)) { + _XEatDataWords(dpy, reply.length); + goto eat_out; } - else { +#endif + if (reply.length > 0) { + length = (unsigned long) reply.length * 4; numbytes = reply.size; + if (numbytes > length) { + EPHYR_LOG_ERROR("string length %d longer than reply length %d\n", + numbytes, length); + goto eat_out; + } } EPHYR_LOG("going to get a string of size:%d\n", numbytes); - *a_string = (char *) Xmalloc(numbytes + 1); - if (!a_string) { + if (numbytes < INT_MAX) + *a_string = Xcalloc(numbytes + 1, 1); + else + *a_string = NULL; + if (*a_string == NULL) { EPHYR_LOG_ERROR("allocation failed\n"); - goto out; + goto eat_out; } - memset(*a_string, 0, numbytes + 1); if (_XRead(dpy, *a_string, numbytes)) { - UnlockDisplay(dpy); - SyncHandle(); EPHYR_LOG_ERROR("read failed\n"); - goto out; + length = 0; /* if read failed, no idea how much to eat */ + } + else { + length -= numbytes; + EPHYR_LOG("strname:%#x, strvalue:'%s', strlen:%d\n", + a_string_name, *a_string, numbytes); + is_ok = TRUE; } - length -= numbytes; + + eat_out: _XEatData(dpy, length); UnlockDisplay(dpy); SyncHandle(); - EPHYR_LOG("strname:%#x, strvalue:'%s', strlen:%d\n", - a_string_name, *a_string, numbytes); - is_ok = TRUE; out: EPHYR_LOG("leave\n"); return is_ok; diff --git a/xorg-server/hw/kdrive/ephyr/ephyrhostvideo.c b/xorg-server/hw/kdrive/ephyr/ephyrhostvideo.c index 362aa055e..05e9ad9f5 100644 --- a/xorg-server/hw/kdrive/ephyr/ephyrhostvideo.c +++ b/xorg-server/hw/kdrive/ephyr/ephyrhostvideo.c @@ -677,7 +677,7 @@ ephyrHostXVQueryImageAttributes(int a_port_id, _XRead(dpy, (char *) a_offsets, rep.num_planes << 2); } else { - _XEatData(dpy, rep.length << 2); + _XEatDataWords(dpy, rep.length); } *a_width = rep.width; *a_height = rep.height; 
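Review bot: length and numbytes are now unsigned long in ephyrHostGLXGetStringFromServer, but the log calls in this hunk still format them with `%d`, for example `EPHYR_LOG_ERROR("string length %d longer than reply length %d\n", numbytes, length)` and the two EPHYR_LOG lines that print numbytes. If these macros expand to printf-style calls, that is a type mismatch and on LP64 it prints wrong values in exactly the path used to diagnose a malformed reply; `%lu` matches the new type. The `#if UINT32_MAX >= (ULONG_MAX / 4)` guard also relies on <stdint.h> and <limits.h> being included, which no hunk of this file shows: an undefined UINT32_MAX evaluates as 0 in `#if` and the overflow check would be compiled out without any warning.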
diff --git a/xorg-server/hw/xfree86/common/xf86Module.h b/xorg-server/hw/xfree86/common/xf86Module.h index 1393427f8..e0cec05b8 100644 --- a/xorg-server/hw/xfree86/common/xf86Module.h +++ b/xorg-server/hw/xfree86/common/xf86Module.h @@ -81,7 +81,7 @@ typedef enum { */ #define ABI_ANSIC_VERSION SET_ABI_VERSION(0, 4) #define ABI_VIDEODRV_VERSION SET_ABI_VERSION(14, 1) -#define ABI_XINPUT_VERSION SET_ABI_VERSION(19, 1) +#define ABI_XINPUT_VERSION SET_ABI_VERSION(19, 2) #define ABI_EXTENSION_VERSION SET_ABI_VERSION(7, 0) #define ABI_FONT_VERSION SET_ABI_VERSION(0, 6) diff --git a/xorg-server/hw/xnest/Args.h b/xorg-server/hw/xnest/Args.h index 514a39513..225418d22 100644 --- a/xorg-server/hw/xnest/Args.h +++ b/xorg-server/hw/xnest/Args.h @@ -12,7 +12,7 @@ is" without express or implied warranty. */ -#ifndef XNESTARGC_H +#ifndef XNESTARGS_H #define XNESTARGS_H extern char *xnestDisplayName; |