Mesa (master): glx: Fix handling of property list received from the server in glXImportContextEXT
Ian Romanick
idr at kemper.freedesktop.org
Mon Dec 19 22:56:28 UTC 2011
Module: Mesa
Branch: master
Commit: 5a849e864ea2db3b705ba301089ee2ec1fe78aa1
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=5a849e864ea2db3b705ba301089ee2ec1fe78aa1
Author: Ian Romanick <ian.d.romanick at intel.com>
Date: Wed Dec 7 11:15:14 2011 -0800
glx: Fix handling of property list received from the server in glXImportContextEXT
The primary problem was that the number of reply bytes read is clamped
to sizeof(propList), but the loop that processes the properties tries
to examine all of the properties sent by the server. If the server
sends 47,000 properties, we only read 3 but process all 47,000.
NOTE: This is a candidate for the 7.11 branch.
Signed-off-by: Ian Romanick <ian.d.romanick at intel.com>
Reviewed-by: Adam Jackson <ajax at redhat.com>
Reviewed-by: Eric Anholt <eric at anholt.net>
---
src/glx/glxcmds.c | 45 ++++++++++++++++++++++++++++++++-------------
1 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/src/glx/glxcmds.c b/src/glx/glxcmds.c
index c29bc1c..6ef7b92 100644
--- a/src/glx/glxcmds.c
+++ b/src/glx/glxcmds.c
@@ -1411,14 +1411,23 @@ _X_EXPORT GLXContext
glXImportContextEXT(Display *dpy, GLXContextID contextID)
{
struct glx_display *priv = __glXInitialize(dpy);
- struct glx_screen *psc;
+ struct glx_screen *psc = NULL;
xGLXQueryContextReply reply;
CARD8 opcode;
struct glx_context *ctx;
- int propList[__GLX_MAX_CONTEXT_PROPS * 2], *pProp, nPropListBytes;
+
+ /* This GLX implementation knows about 5 different properties, so
+ * allow the server to send us one of each.
+ */
+ int propList[5 * 2], *pProp, nPropListBytes;
+ int numProps;
int i, renderType;
XID share;
struct glx_config *mode;
+ uint32_t fbconfigID = 0;
+ uint32_t visualID = 0;
+ uint32_t screen;
+ Bool got_screen = False;
if (contextID == None || __glXIsDirect(dpy, contextID))
return NULL;
@@ -1463,35 +1472,45 @@ glXImportContextEXT(Display *dpy, GLXContextID contextID)
UnlockDisplay(dpy);
SyncHandle();
- /* Look up screen first so we can look up visuals/fbconfigs later */
- psc = NULL;
- for (i = 0, pProp = propList; i < reply.n; i++, pProp += 2)
- if (pProp[0] == GLX_SCREEN)
- psc = GetGLXScreenConfigs(dpy, pProp[1]);
- if (psc == NULL)
- return NULL;
-
+ numProps = nPropListBytes / (2 * sizeof(propList[0]));
share = None;
mode = NULL;
renderType = 0;
pProp = propList;
- for (i = 0, pProp = propList; i < reply.n; i++, pProp += 2)
+ for (i = 0, pProp = propList; i < numProps; i++, pProp += 2)
switch (pProp[0]) {
+ case GLX_SCREEN:
+ screen = pProp[1];
+ got_screen = True;
+ break;
case GLX_SHARE_CONTEXT_EXT:
share = pProp[1];
break;
case GLX_VISUAL_ID_EXT:
- mode = glx_config_find_visual(psc->visuals, pProp[1]);
+ visualID = pProp[1];
break;
case GLX_FBCONFIG_ID:
- mode = glx_config_find_fbconfig(psc->configs, pProp[1]);
+ fbconfigID = pProp[1];
break;
case GLX_RENDER_TYPE:
renderType = pProp[1];
break;
}
+ if (!got_screen)
+ return NULL;
+
+ psc = GetGLXScreenConfigs(dpy, screen);
+ if (psc == NULL)
+ return NULL;
+
+ if (fbconfigID != 0) {
+ mode = glx_config_find_fbconfig(psc->configs, fbconfigID);
+ } else if (visualID != 0) {
+ mode = glx_config_find_visual(psc->visuals, visualID);
+ }
+
if (mode == NULL)
return NULL;
More information about the mesa-commit
mailing list