xserver: Branch 'server-1.4-branch' - 2 commits
Matthieu Herrb
herrb at kemper.freedesktop.org
Wed Feb 20 13:18:09 PST 2008
Xext/shm.c | 12 ++++++------
dix/window.c | 3 ++-
2 files changed, 8 insertions(+), 7 deletions(-)
New commits:
commit 44f46bfb981ca69515dafc520f62f33654711194
Author: Matthias Hopf <mhopf at suse.de>
Date: Mon Jan 21 16:13:21 2008 +0100
CVE-2007-6429: Always test for size+offset wrapping.
diff --git a/Xext/shm.c b/Xext/shm.c
index 6f99e90..376f123 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -753,10 +753,10 @@ CreatePmap:
if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
if (size < width * height)
return BadAlloc;
- /* thankfully, offset is unsigned */
- if (stuff->offset + size < size)
- return BadAlloc;
}
+ /* thankfully, offset is unsigned */
+ if (stuff->offset + size < size)
+ return BadAlloc;
VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
@@ -1098,10 +1098,10 @@ CreatePmap:
if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
if (size < width * height)
return BadAlloc;
- /* thankfully, offset is unsigned */
- if (stuff->offset + size < size)
- return BadAlloc;
}
+ /* thankfully, offset is unsigned */
+ if (stuff->offset + size < size)
+ return BadAlloc;
VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
commit bcbfd619f8da888224afd80ee3a2db7d500523eb
Author: Kristian Høgsberg <krh at redhat.com>
Date: Wed Jan 16 20:24:11 2008 -0500
Don't break grab and focus state for a window when redirecting it.
Composite uses an unmap/map cycle to trigger backing pixmap allocation
and cliprect recomputation when a window is redirected or unredirected.
To avoid protocol visible side effects, map and unmap events are
disabled temporarily. However, when a window is unmapped it is also
removed from grabs and loses focus, but these state changes are not
disabled.
This change supresses the unmap side effects during the composite
unmap/map cycle and fixes this bug:
http://bugzilla.gnome.org/show_bug.cgi?id=488264
where compiz would cause gnome-screensaver to lose its grab when
compiz unredirects the fullscreen lock window.
diff --git a/dix/window.c b/dix/window.c
index be4ea2c..961c02a 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -3023,7 +3023,8 @@ UnrealizeTree(
}
#endif
(* Unrealize)(pChild);
- DeleteWindowFromAnyEvents(pChild, FALSE);
+ if (MapUnmapEventsEnabled(pWin))
+ DeleteWindowFromAnyEvents(pChild, FALSE);
if (pChild->viewable)
{
#ifdef DO_SAVE_UNDERS
More information about the xorg-commit
mailing list