[xorg-commit-diffs] xc/programs/Xserver/dix window.c, 1.1.4.6.2.1, 1.1.4.6.2.2 dixutils.c, 1.1.4.3.2.1, 1.1.4.3.2.2

Stuart Kreitman xorg-commit at pdx.freedesktop.org
Thu Apr 1 22:31:40 PST 2004


Committed by: stukreit

Update of /cvs/xorg/xc/programs/Xserver/dix
In directory pdx:/tmp/cvs-serv26298

Modified Files:
      Tag: DAMAGE-XFIXES
	window.c dixutils.c 
Log Message:
Memory overrun due to incomplete implementation of saveSetElt data structure

Modified Files:
 Tag: DAMAGE-XFIXES
	window.c dixutils.c 


Index: window.c
===================================================================
RCS file: /cvs/xorg/xc/programs/Xserver/dix/window.c,v
retrieving revision 1.1.4.6.2.1
retrieving revision 1.1.4.6.2.2
diff -u -d -r1.1.4.6.2.1 -r1.1.4.6.2.2
--- a/window.c	30 Mar 2004 16:38:13 -0000	1.1.4.6.2.1
+++ b/window.c	2 Apr 2004 06:31:37 -0000	1.1.4.6.2.2
@@ -3179,7 +3179,11 @@
     }
     xfree(client->saveSet);
     client->numSaved = 0;
+#ifdef XFIXES
     client->saveSet = (SaveSetElt *)NULL;
+#else
+    client->saveSet = (pointer *)NULL;
+#endif
 }
 
 Bool
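Review bot: The `#ifdef XFIXES` / `#else` pair added around the reset of `client->saveSet` exists only because of the cast on `NULL`. A null pointer constant converts to any object pointer type, so `client->saveSet = NULL;` is correct in both configurations and removes one place where the two element types have to be kept in step by hand. The same applies to the reset in the delete branch of the last dixutils.c hunk. The enclosing function begins outside this hunk.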

Index: dixutils.c
===================================================================
RCS file: /cvs/xorg/xc/programs/Xserver/dix/dixutils.c,v
retrieving revision 1.1.4.3.2.1
retrieving revision 1.1.4.3.2.2
diff -u -d -r1.1.4.3.2.1 -r1.1.4.3.2.2
--- a/dixutils.c	30 Mar 2004 16:35:06 -0000	1.1.4.3.2.1
+++ b/dixutils.c	2 Apr 2004 06:31:37 -0000	1.1.4.3.2.2
@@ -353,7 +353,11 @@
 		      Bool  remap)
 {
     int numnow;
+#ifdef XFIXES
+    SaveSetElt *pTmp = NULL;
+#else
     pointer *pTmp = NULL;
+#endif
     int j;
 
     numnow = client->numSaved;
@@ -361,7 +365,7 @@
     if (numnow)
     {
 	pTmp = client->saveSet;
-	while ((j < numnow) && (pTmp[j] != (pointer)pWin))
+	while ((j < numnow) && (SaveSetWindow(pTmp[j]) != (pointer)pWin))
 	    j++;
     }
     if (mode == SetModeInsert)
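Review bot: `SaveSetWindow(pTmp[j])` in the search loop sits outside any `#ifdef XFIXES`, while the declaration of `pTmp` in the previous hunk is conditional. A build without XFIXES therefore compiles this line only if the macro is also defined for plain `pointer` elements; the header is not visible here, so that should be confirmed. A short comment above the loop, for example `/* entries are SaveSetElt under XFIXES; compare the window field, not the whole element */`, would record why the raw element is no longer compared. The initialisation of `j` and the rest of the function lie outside this hunk.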
@@ -369,7 +373,11 @@
 	if (j < numnow)         /* duplicate */
 	   return(Success);
 	numnow++;
+#ifdef XFIXES
+	pTmp = (SaveSetElt *)xrealloc(client->saveSet, sizeof(SaveSetElt) * numnow);
+#else
 	pTmp = (pointer *)xrealloc(client->saveSet, sizeof(pointer) * numnow);
+#endif
 	if (!pTmp)
 	    return(BadAlloc);
 	client->saveSet = pTmp;
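Review bot: The size passed to `xrealloc` still names the element type by hand, which is the kind of mismatch between element type and allocation size that the log message blames for the overrun. Deriving it from the pointer, `sizeof(*pTmp) * numnow`, keeps the allocation correct whichever type `client->saveSet` has. If `xrealloc` returns a generic pointer (not shown here), the cast and the `#ifdef` around the call could be dropped as well: `pTmp = xrealloc(client->saveSet, sizeof(*pTmp) * numnow);`. The shrink call in the delete branch of the next hunk has the same form. The store of the new element happens after this hunk, so whether it writes a full `SaveSetElt` cannot be checked from here.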
@@ -389,15 +397,22 @@
 	numnow--;
         if (numnow)
 	{
-    	    pTmp = (pointer *)xrealloc(client->saveSet,
-				       sizeof(pointer) * numnow);
+#ifdef XFIXES
+	    pTmp = (SaveSetElt *)xrealloc(client->saveSet, sizeof(SaveSetElt) * numnow);
+#else
+	    pTmp = (pointer *)xrealloc(client->saveSet, sizeof(pointer) * numnow);
+#endif
 	    if (pTmp)
 		client->saveSet = pTmp;
 	}
         else
         {
             xfree(client->saveSet);
+#ifdef XFIXES
+	    client->saveSet = (SaveSetElt *)NULL;
+#else
 	    client->saveSet = (pointer *)NULL;
+#endif
 	}
 	client->numSaved = numnow;
 	return(Success);



