diff options
Diffstat (limited to 'xorg-server/glx/glxcmds.c')
-rwxr-xr-x[-rw-r--r--] | xorg-server/glx/glxcmds.c | 167 |
1 files changed, 100 insertions, 67 deletions
diff --git a/xorg-server/glx/glxcmds.c b/xorg-server/glx/glxcmds.c index df08967ab..4ac21a047 100644..100755 --- a/xorg-server/glx/glxcmds.c +++ b/xorg-server/glx/glxcmds.c @@ -201,6 +201,12 @@ __glXdirectContextDestroy(__GLXcontext * context) free(context); } +static int +__glXdirectContextLoseCurrent(__GLXcontext * context) +{ + return GL_TRUE; +} + _X_HIDDEN __GLXcontext * __glXdirectContextCreate(__GLXscreen * screen, __GLXconfig * modes, __GLXcontext * shareContext) @@ -212,6 +218,7 @@ __glXdirectContextCreate(__GLXscreen * screen, return NULL; context->destroy = __glXdirectContextDestroy; + context->loseCurrent = __glXdirectContextLoseCurrent; return context; } @@ -416,7 +423,9 @@ __glXDisp_DestroyContext(__GLXclientState * cl, GLbyte * pc) &glxc, &err)) return err; - FreeResourceByType(req->context, __glXContextRes, FALSE); + glxc->idExists = GL_FALSE; + if (!glxc->currentClient) + FreeResourceByType(req->context, __glXContextRes, FALSE); return Success; } @@ -1912,44 +1921,55 @@ DoGetDrawableAttributes(__GLXclientState * cl, XID drawId) { ClientPtr client = cl->client; xGLXGetDrawableAttributesReply reply; - __GLXdrawable *pGlxDraw; + __GLXdrawable *pGlxDraw = NULL; + DrawablePtr pDraw; CARD32 attributes[14]; - int numAttribs = 0, error; + int num = 0, error; if (!validGlxDrawable(client, drawId, GLX_DRAWABLE_ANY, - DixGetAttrAccess, &pGlxDraw, &error)) - return error; - - attributes[0] = GLX_TEXTURE_TARGET_EXT; - attributes[1] = pGlxDraw->target == GL_TEXTURE_2D ? GLX_TEXTURE_2D_EXT : - GLX_TEXTURE_RECTANGLE_EXT; - numAttribs++; - attributes[2] = GLX_Y_INVERTED_EXT; - attributes[3] = GL_FALSE; - numAttribs++; - attributes[4] = GLX_EVENT_MASK; - attributes[5] = pGlxDraw->eventMask; - numAttribs++; - attributes[6] = GLX_WIDTH; - attributes[7] = pGlxDraw->pDraw->width; - numAttribs++; - attributes[8] = GLX_HEIGHT; - attributes[9] = pGlxDraw->pDraw->height; - numAttribs++; - attributes[10] = GLX_FBCONFIG_ID; - attributes[11] = pGlxDraw->config->fbconfigID; - numAttribs++; - if (pGlxDraw->type == GLX_DRAWABLE_PBUFFER) { - attributes[12] = GLX_PRESERVED_CONTENTS; - attributes[13] = GL_TRUE; - numAttribs++; + DixGetAttrAccess, &pGlxDraw, &error)) { + /* hack for GLX 1.2 naked windows */ + int err = dixLookupWindow((WindowPtr *)&pDraw, drawId, client, + DixGetAttrAccess); + if (err != Success) + return error; + } + if (pGlxDraw) + pDraw = pGlxDraw->pDraw; + + attributes[2*num] = GLX_Y_INVERTED_EXT; + attributes[2*num+1] = GL_FALSE; + num++; + attributes[2*num] = GLX_WIDTH; + attributes[2*num+1] = pDraw->width; + num++; + attributes[2*num] = GLX_HEIGHT; + attributes[2*num+1] = pDraw->height; + num++; + if (pGlxDraw) { + attributes[2*num] = GLX_TEXTURE_TARGET_EXT; + attributes[2*num+1] = pGlxDraw->target == GL_TEXTURE_2D ? + GLX_TEXTURE_2D_EXT : + GLX_TEXTURE_RECTANGLE_EXT; + num++; + attributes[2*num] = GLX_EVENT_MASK; + attributes[2*num+1] = pGlxDraw->eventMask; + num++; + attributes[2*num] = GLX_FBCONFIG_ID; + attributes[2*num+1] = pGlxDraw->config->fbconfigID; + num++; + if (pGlxDraw->type == GLX_DRAWABLE_PBUFFER) { + attributes[2*num] = GLX_PRESERVED_CONTENTS; + attributes[2*num+1] = GL_TRUE; + num++; + } } reply.type = X_Reply; reply.sequenceNumber = client->sequence; - reply.length = numAttribs << 1; - reply.numAttribs = numAttribs; + reply.length = num << 1; + reply.numAttribs = num; if (client->swapped) { @@ -2028,7 +2048,7 @@ __glXDisp_Render(__GLXclientState * cl, GLbyte * pc) left = (req->length << 2) - sz_xGLXRenderReq; while (left > 0) { __GLXrenderSizeData entry; - int extra; + int extra = 0; __GLXdispatchRenderProcPtr proc; int err; @@ -2047,6 +2067,9 @@ __glXDisp_Render(__GLXclientState * cl, GLbyte * pc) cmdlen = hdr->length; opcode = hdr->opcode; + if (left < cmdlen) + return BadLength; + /* ** Check for core opcodes and grab entry data. */ @@ -2060,24 +2083,21 @@ __glXDisp_Render(__GLXclientState * cl, GLbyte * pc) return __glXError(GLXBadRenderRequest); } + if (cmdlen < entry.bytes) { + return BadLength; + } + if (entry.varsize) { /* variable size command */ extra = (*entry.varsize) (pc + __GLX_RENDER_HDR_SIZE, - client->swapped); + client->swapped, + left - __GLX_RENDER_HDR_SIZE); if (extra < 0) { - extra = 0; - } - if (cmdlen != __GLX_PAD(entry.bytes + extra)) { - return BadLength; - } - } - else { - /* constant size command */ - if (cmdlen != __GLX_PAD(entry.bytes)) { return BadLength; } } - if (left < cmdlen) { + + if (cmdlen != safe_pad(safe_add(entry.bytes, extra))) { return BadLength; } @@ -2113,6 +2133,8 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) __GLX_DECLARE_SWAP_VARIABLES; + REQUEST_AT_LEAST_SIZE(xGLXRenderLargeReq); + req = (xGLXRenderLargeReq *) pc; if (client->swapped) { __GLX_SWAP_SHORT(&req->length); @@ -2128,12 +2150,14 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) __glXResetLargeCommandStatus(cl); return error; } + if (safe_pad(req->dataBytes) < 0) + return BadLength; dataBytes = req->dataBytes; /* ** Check the request length. */ - if ((req->length << 2) != __GLX_PAD(dataBytes) + sz_xGLXRenderLargeReq) { + if ((req->length << 2) != safe_pad(dataBytes) + sz_xGLXRenderLargeReq) { client->errorValue = req->length; /* Reset in case this isn't 1st request. */ __glXResetLargeCommandStatus(cl); @@ -2143,7 +2167,8 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) if (cl->largeCmdRequestsSoFar == 0) { __GLXrenderSizeData entry; - int extra; + int extra = 0; + int left = (req->length << 2) - sz_xGLXRenderLargeReq; size_t cmdlen; int err; @@ -2156,13 +2181,17 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) return __glXError(GLXBadLargeRequest); } + if (dataBytes < __GLX_RENDER_LARGE_HDR_SIZE) + return BadLength; + hdr = (__GLXrenderLargeHeader *) pc; if (client->swapped) { __GLX_SWAP_INT(&hdr->length); __GLX_SWAP_INT(&hdr->opcode); } - cmdlen = hdr->length; opcode = hdr->opcode; + if ((cmdlen = safe_pad(hdr->length)) < 0) + return BadLength; /* ** Check for core opcodes and grab entry data. @@ -2180,21 +2209,18 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) ** will be in the 1st request, so it's okay to do this. */ extra = (*entry.varsize) (pc + __GLX_RENDER_LARGE_HDR_SIZE, - client->swapped); + client->swapped, + left - __GLX_RENDER_LARGE_HDR_SIZE); if (extra < 0) { - extra = 0; - } - /* large command's header is 4 bytes longer, so add 4 */ - if (cmdlen != __GLX_PAD(entry.bytes + 4 + extra)) { return BadLength; } } - else { - /* constant size command */ - if (cmdlen != __GLX_PAD(entry.bytes + 4)) { - return BadLength; - } + + /* the +4 is safe because we know entry.bytes is small */ + if (cmdlen != safe_pad(safe_add(entry.bytes + 4, extra))) { + return BadLength; } + /* ** Make enough space in the buffer, then copy the entire request. */ @@ -2221,6 +2247,7 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) ** We are receiving subsequent (i.e. not the first) requests of a ** multi request command. */ + int bytesSoFar; /* including this packet */ /* ** Check the request number and the total request count. @@ -2239,11 +2266,18 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) /* ** Check that we didn't get too much data. */ - if ((cl->largeCmdBytesSoFar + dataBytes) > cl->largeCmdBytesTotal) { + if ((bytesSoFar = safe_add(cl->largeCmdBytesSoFar, dataBytes)) < 0) { + client->errorValue = dataBytes; + __glXResetLargeCommandStatus(cl); + return __glXError(GLXBadLargeRequest); + } + + if (bytesSoFar > cl->largeCmdBytesTotal) { client->errorValue = dataBytes; __glXResetLargeCommandStatus(cl); return __glXError(GLXBadLargeRequest); } + memcpy(cl->largeCmdBuf + cl->largeCmdBytesSoFar, pc, dataBytes); cl->largeCmdBytesSoFar += dataBytes; cl->largeCmdRequestsSoFar++; @@ -2255,17 +2289,16 @@ __glXDisp_RenderLarge(__GLXclientState * cl, GLbyte * pc) ** This is the last request; it must have enough bytes to complete ** the command. */ - /* NOTE: the two pad macros have been added below; they are needed - ** because the client library pads the total byte count, but not - ** the per-request byte counts. The Protocol Encoding says the - ** total byte count should not be padded, so a proposal will be - ** made to the ARB to relax the padding constraint on the total - ** byte count, thus preserving backward compatibility. Meanwhile, - ** the padding done below fixes a bug that did not allow - ** large commands of odd sizes to be accepted by the server. + /* NOTE: the pad macro below is needed because the client library + ** pads the total byte count, but not the per-request byte counts. + ** The Protocol Encoding says the total byte count should not be + ** padded, so a proposal will be made to the ARB to relax the + ** padding constraint on the total byte count, thus preserving + ** backward compatibility. Meanwhile, the padding done below + ** fixes a bug that did not allow large commands of odd sizes to + ** be accepted by the server. */ - if (__GLX_PAD(cl->largeCmdBytesSoFar) != - __GLX_PAD(cl->largeCmdBytesTotal)) { + if (safe_pad(cl->largeCmdBytesSoFar) != cl->largeCmdBytesTotal) { client->errorValue = dataBytes; __glXResetLargeCommandStatus(cl); return __glXError(GLXBadLargeRequest); |