xserver: Branch 'master' - 4 commits
Keith Packard
keithp at kemper.freedesktop.org
Sun Nov 30 11:48:29 PST 2014
man/Xserver.man | 10 ++++++++++
os/io.c | 7 ++++---
os/log.c | 7 +++++--
render/picture.c | 45 +++++++++++++++++++++++++++++++++++++++------
4 files changed, 58 insertions(+), 11 deletions(-)
New commits:
commit 4b0d0df34f10a88c10cb23dd50087b59f5c4fece
Author: Peter Harris <pharris at opentext.com>
Date: Mon Nov 17 14:31:24 2014 -0500
Fix overflow of ConnectionOutput->size and ->count
When (long) is larger than (int), and when realloc succeeds with sizes
larger than INT_MAX, ConnectionOutput->size and ConnectionOutput->count
overflow and become negative.
When ConnectionOutput->count is negative, InsertIOV does not actually
insert an IOV, and FlushClient goes into an infinite loop of writev(fd,
iov, 0) [an empty list].
Avoid this situation by killing the client when it has more than INT_MAX
unread bytes of data.
Signed-off-by: Peter Harris <pharris at opentext.com>
Reviewed-by: Keith Packard <keithp at keithp.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/os/io.c b/os/io.c
index bb273bb..96a243d 100644
--- a/os/io.c
+++ b/os/io.c
@@ -971,10 +971,11 @@ FlushClient(ClientPtr who, OsCommPtr oc, const void *__extraBuf, int extraCount)
}
if (notWritten > oco->size) {
- unsigned char *obuf;
+ unsigned char *obuf = NULL;
- obuf = (unsigned char *) realloc(oco->buf,
- notWritten + BUFSIZE);
+ if (notWritten + BUFSIZE <= INT_MAX) {
+ obuf = realloc(oco->buf, notWritten + BUFSIZE);
+ }
if (!obuf) {
_XSERVTransDisconnect(oc->trans_conn);
_XSERVTransClose(oc->trans_conn);
commit 802932d112a3f6a09420be9e4a13fa78ac43840b
Author: Adam Jackson <ajax at redhat.com>
Date: Mon Nov 17 15:28:58 2014 -0500
render: fix ChangePicture when Xinerama is active (v2) (#49170)
ChangePicture takes wire XIDs, but didn't do any Xinerama translation,
which meant setting a clip pixmap or a separate alpha picture would
result in those elements pointing at the instance of the pixmap on
screen 0. Which is, you know, bad.
v2: This one actually builds.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=49170
Signed-off-by: Adam Jackson <ajax at redhat.com>
Reviewed-by: Keith Packard <keithp at keithp.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/render/picture.c b/render/picture.c
index 711cbc7..6ff31ba 100644
--- a/render/picture.c
+++ b/render/picture.c
@@ -41,6 +41,9 @@
#include "servermd.h"
#include "picturestr.h"
#include "xace.h"
+#ifdef PANORAMIX
+#include "panoramiXsrv.h"
+#endif
DevPrivateKeyRec PictureScreenPrivateKeyRec;
DevPrivateKeyRec PictureWindowPrivateKeyRec;
@@ -1007,6 +1010,38 @@ CreateConicalGradientPicture(Picture pid, xPointFixed * center, xFixed angle,
return pPicture;
}
+static int
+cpAlphaMap(void **result, XID id, ScreenPtr screen, ClientPtr client, Mask mode)
+{
+#ifdef PANORAMIX
+ if (!noPanoramiXExtension) {
+ PanoramiXRes *res;
+ int err = dixLookupResourceByType((void **)&res, id, XRT_PICTURE,
+ client, mode);
+ if (err != Success)
+ return err;
+ id = res->info[screen->myNum].id;
+ }
+#endif
+ return dixLookupResourceByType(result, id, PictureType, client, mode);
+}
+
+static int
+cpClipMask(void **result, XID id, ScreenPtr screen, ClientPtr client, Mask mode)
+{
+#ifdef PANORAMIX
+ if (!noPanoramiXExtension) {
+ PanoramiXRes *res;
+ int err = dixLookupResourceByType((void **)&res, id, XRT_PIXMAP,
+ client, mode);
+ if (err != Success)
+ return err;
+ id = res->info[screen->myNum].id;
+ }
+#endif
+ return dixLookupResourceByType(result, id, RT_PIXMAP, client, mode);
+}
+
#define NEXT_VAL(_type) (vlist ? (_type) *vlist++ : (_type) ulist++->val)
#define NEXT_PTR(_type) ((_type) ulist++->ptr)
@@ -1053,9 +1088,8 @@ ChangePicture(PicturePtr pPicture,
if (pid == None)
pAlpha = 0;
else {
- error = dixLookupResourceByType((void **) &pAlpha, pid,
- PictureType, client,
- DixReadAccess);
+ error = cpAlphaMap((void **) &pAlpha, pid, pScreen,
+ client, DixReadAccess);
if (error != Success) {
client->errorValue = pid;
break;
@@ -1112,9 +1146,8 @@ ChangePicture(PicturePtr pPicture,
}
else {
clipType = CT_PIXMAP;
- error = dixLookupResourceByType((void **) &pPixmap, pid,
- RT_PIXMAP, client,
- DixReadAccess);
+ error = cpClipMask((void **) &pPixmap, pid, pScreen,
+ client, DixReadAccess);
if (error != Success) {
client->errorValue = pid;
break;
commit c2994001680a7dcf9c167886d49b7326c97cd5d1
Author: Aaron Plattner <aplattner at nvidia.com>
Date: Fri Nov 21 08:39:02 2014 -0800
os: "Server terminated successfully" is not an error
ErrorFSigSafe calls LogVMessageVerbSigSafe with the message type set to X_ERROR.
That generates this in the log:
(EE) Server terminated successfully (0). Closing log file.
People periodically report this as an error, sometimes quoting this "error"
rather than an earlier error that actually caused a problem.
v2: Use X_INFO instead of X_NOTICE
Signed-off-by: Aaron Plattner <aplattner at nvidia.com>
Reviewed-by: Keith Packard <keithp at keithp.com>
Reviewed-by: Eric Anholt <eric at anholt.net>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/os/log.c b/os/log.c
index 2e3b3f6..0532c2e 100644
--- a/os/log.c
+++ b/os/log.c
@@ -257,8 +257,11 @@ void
LogClose(enum ExitCode error)
{
if (logFile) {
- ErrorFSigSafe("Server terminated %s (%d). Closing log file.\n",
- (error == EXIT_NO_ERROR) ? "successfully" : "with error", error);
+ int msgtype = (error == EXIT_NO_ERROR) ? X_INFO : X_ERROR;
+ LogMessageVerbSigSafe(msgtype, -1,
+ "Server terminated %s (%d). Closing log file.\n",
+ (error == EXIT_NO_ERROR) ? "successfully" : "with error",
+ error);
fclose(logFile);
logFile = NULL;
logFileFd = -1;
commit b09d59342804db7dbb8056dca43dd39f54e290aa
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Nov 26 13:01:29 2014 -0800
Add -iglx & +iglx to Xserver.man
Covers the current state after commits 99f0365b1fbdfd9238b9f,
d0da0e9c3bb8fe0cd4879, & e3aa13b8d63ea2fba6eb4 were all applied.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: James Jones <jajones at nvidia.com>
Reviewed-by: Robert Morell <rmorell at nvidia.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/man/Xserver.man b/man/Xserver.man
index c03830c..3bf844f 100644
--- a/man/Xserver.man
+++ b/man/Xserver.man
@@ -181,6 +181,16 @@ prints a usage message.
.B \-I
causes all remaining command line arguments to be ignored.
.TP 8
+.B \-iglx
+Prohibit creating indirect GLX contexts. Indirect GLX is of limited use,
+since it lacks support for many modern OpenGL features and extensions;
+it's slower than direct contexts; and it opens a large attack surface for
+protocol parsing errors.
+This is the default unless +iglx is specified.
+.TP 8
+.B +iglx
+Allow creating indirect GLX contexts.
+.TP 8
.B \-maxbigreqsize \fIsize\fP
sets the maximum big request to
.I size
More information about the xorg-commit
mailing list