xserver: Branch 'master' - 3 commits
Keith Packard
keithp at kemper.freedesktop.org
Thu Jun 28 10:10:42 PDT 2012
randr/randr.c | 3 +++
randr/rrcrtc.c | 10 ++++------
randr/rrinfo.c | 7 ++++---
randr/rrmode.c | 4 +---
randr/rroutput.c | 11 ++++++-----
randr/rrscreen.c | 3 +++
6 files changed, 21 insertions(+), 17 deletions(-)
New commits:
commit 855003c333a0ead1db912695bc9705ef2b3144b4
Author: Keith Packard <keithp at keithp.com>
Date: Thu Jun 21 18:45:18 2012 -0700
randr: Catch two more potential unset rrScrPriv uses
Ricardo Salveti <ricardo.salveti at linaro.org> found one place where the
randr code could use the randr screen private data without checking
for null first. This happens when the X server is running with
multiple screens, some of which are randr enabled and some of which
are not. Applications making protocol requests to the non-randr
screens can cause segfaults where the server touches the unset private
structure.
I audited the code and found two more possible problem spots; the
trick to auditing for this issue was to look for functions not taking
a RandR data structure and where there was no null screen private
check above them in the call graph.
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/randr/rroutput.c b/randr/rroutput.c
index 091e06b..fbd0e32 100644
--- a/randr/rroutput.c
+++ b/randr/rroutput.c
@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client)
}
pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
- RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
+ if (pScrPriv)
+ RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
return Success;
}
diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index f570afa..55110e0 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -248,6 +248,9 @@ ProcRRSetScreenSize(ClientPtr client)
pScreen = pWin->drawable.pScreen;
pScrPriv = rrGetScrPriv(pScreen);
+ if (!pScrPriv)
+ return BadMatch;
+
if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) {
client->errorValue = stuff->width;
return BadValue;
commit 32603f57ca03b6390b109960f8bb5ea53ac95ecb
Author: Ricardo Salveti de Araujo <ricardo.salveti at linaro.org>
Date: Thu Jun 21 00:55:53 2012 -0300
randr: first check pScrPriv before using the pointer at RRFirstOutput
Fix a seg fault in case pScrPriv is NULL at ProcRRGetScreenInfo,
which later calls RRFirstOutput.
Signed-off-by: Ricardo Salveti de Araujo <ricardo.salveti at linaro.org>
Reviewed-by: Keith Packard <keithp at keithp.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/randr/randr.c b/randr/randr.c
index 4d4298a..103da48 100644
--- a/randr/randr.c
+++ b/randr/randr.c
@@ -446,6 +446,9 @@ RRFirstOutput(ScreenPtr pScreen)
RROutputPtr output;
int i, j;
+ if (!pScrPriv)
+ return NULL;
+
if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc)
return pScrPriv->primaryOutput;
commit 4ba340cfaa8d430c808566495f8deda0ff1b4424
Author: Keith Packard <keithp at keithp.com>
Date: Thu Jun 21 18:42:46 2012 -0700
randr: Clean up compiler warnings about unused and shadowing variables
set but not used variables
shadowing a previous local
A hidden problem was that the VERIFY_RR_* macros define local 'rc'
variables, any other local definitions for those would be shadowed and
generate warnings from gcc. I've renamed the other locals 'ret'
instead of 'rc'.
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/randr/rrcrtc.c b/randr/rrcrtc.c
index 36caa58..0c596dd 100644
--- a/randr/rrcrtc.c
+++ b/randr/rrcrtc.c
@@ -825,10 +825,9 @@ ProcRRSetCrtcConfig(ClientPtr client)
int numOutputs;
RROutputPtr *outputs = NULL;
RROutput *outputIds;
- TimeStamp configTime;
TimeStamp time;
Rotation rotation;
- int rc, i, j;
+ int ret, i, j;
REQUEST_AT_LEAST_SIZE(xRRSetCrtcConfigReq);
numOutputs = (stuff->length - bytes_to_int32(SIZEOF(xRRSetCrtcConfigReq)));
@@ -855,11 +854,11 @@ ProcRRSetCrtcConfig(ClientPtr client)
outputIds = (RROutput *) (stuff + 1);
for (i = 0; i < numOutputs; i++) {
- rc = dixLookupResourceByType((pointer *) (outputs + i), outputIds[i],
+ ret = dixLookupResourceByType((pointer *) (outputs + i), outputIds[i],
RROutputType, client, DixSetAttrAccess);
- if (rc != Success) {
+ if (ret != Success) {
free(outputs);
- return rc;
+ return ret;
}
/* validate crtc for this output */
for (j = 0; j < outputs[i]->numCrtcs; j++)
@@ -904,7 +903,6 @@ ProcRRSetCrtcConfig(ClientPtr client)
pScrPriv = rrGetScrPriv(pScreen);
time = ClientTimeToServerTime(stuff->timestamp);
- configTime = ClientTimeToServerTime(stuff->configTimestamp);
if (!pScrPriv) {
time = currentTime;
diff --git a/randr/rrinfo.c b/randr/rrinfo.c
index 114ec34..1408d6f 100644
--- a/randr/rrinfo.c
+++ b/randr/rrinfo.c
@@ -82,6 +82,7 @@ RRScanOldConfig(ScreenPtr pScreen, Rotation rotations)
int i;
CARD16 minWidth = MAXSHORT, minHeight = MAXSHORT;
CARD16 maxWidth = 0, maxHeight = 0;
+ CARD16 width, height;
/*
* First time through, create a crtc and output and hook
@@ -141,11 +142,11 @@ RRScanOldConfig(ScreenPtr pScreen, Rotation rotations)
/* find size bounds */
for (i = 0; i < output->numModes + output->numUserModes; i++) {
- RRModePtr mode = (i < output->numModes ?
+ mode = (i < output->numModes ?
output->modes[i] :
output->userModes[i - output->numModes]);
- CARD16 width = mode->mode.width;
- CARD16 height = mode->mode.height;
+ width = mode->mode.width;
+ height = mode->mode.height;
if (width < minWidth)
minWidth = width;
diff --git a/randr/rrmode.c b/randr/rrmode.c
index b637c06..49a45c7 100644
--- a/randr/rrmode.c
+++ b/randr/rrmode.c
@@ -173,7 +173,7 @@ RRModesForScreen(ScreenPtr pScreen, int *num_ret)
*/
for (o = 0; o < pScrPriv->numOutputs; o++) {
RROutputPtr output = pScrPriv->outputs[o];
- int m, n;
+ int n;
for (m = 0; m < output->numModes + output->numUserModes; m++) {
RRModePtr mode = (m < output->numModes ?
@@ -285,7 +285,6 @@ ProcRRCreateMode(ClientPtr client)
xRRCreateModeReply rep = { 0 };
WindowPtr pWin;
ScreenPtr pScreen;
- rrScrPrivPtr pScrPriv;
xRRModeInfo *modeInfo;
long units_after;
char *name;
@@ -298,7 +297,6 @@ ProcRRCreateMode(ClientPtr client)
return rc;
pScreen = pWin->drawable.pScreen;
- pScrPriv = rrGetScrPriv(pScreen);
modeInfo = &stuff->modeInfo;
name = (char *) (stuff + 1);
diff --git a/randr/rroutput.c b/randr/rroutput.c
index 0890c55..091e06b 100644
--- a/randr/rroutput.c
+++ b/randr/rroutput.c
@@ -528,13 +528,13 @@ ProcRRSetOutputPrimary(ClientPtr client)
RROutputPtr output = NULL;
WindowPtr pWin;
rrScrPrivPtr pScrPriv;
- int rc;
+ int ret;
REQUEST_SIZE_MATCH(xRRSetOutputPrimaryReq);
- rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
- if (rc != Success)
- return rc;
+ ret = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
+ if (ret != Success)
+ return ret;
if (stuff->output) {
VERIFY_RR_OUTPUT(stuff->output, output, DixReadAccess);
More information about the xorg-commit
mailing list