xserver: Branch 'server-1.11-branch' - 9 commits
Jeremy Huddleston
jeremyhu at kemper.freedesktop.org
Fri Dec 9 12:39:10 PST 2011
Xext/saver.c | 3 +--
Xext/xvdisp.c | 4 ++--
Xi/extinit.c | 4 ++--
config/hal.c | 1 +
hw/kdrive/src/kinput.c | 6 ------
hw/vfb/InitOutput.c | 4 +++-
hw/xfree86/fbdevhw/fbdevhw.c | 18 ++++++++++--------
hw/xfree86/loader/loadmod.c | 2 +-
hw/xfree86/xaa/xaaGC.c | 1 +
9 files changed, 21 insertions(+), 22 deletions(-)
New commits:
commit e76c397eb90291b048e0b2102111008e3d2e469e
Author: Dave Airlie <airlied at redhat.com>
Date: Mon Nov 28 16:37:59 2011 +0000
kdrive: drop screen crossing code.
The only kdrive server we probably care about anymore is Xephyr,
and this screen enable/disable code totally breaks it in multi-screen mode.
When you are in one screen the other stops updating.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=757457
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
(cherry picked from commit 98c4a888a4428789386c7c47cecc81933b5999ba)
diff --git a/hw/kdrive/src/kinput.c b/hw/kdrive/src/kinput.c
index c14dd82..500a3d8 100644
--- a/hw/kdrive/src/kinput.c
+++ b/hw/kdrive/src/kinput.c
@@ -2135,12 +2135,6 @@ KdCursorOffScreen(ScreenPtr *ppScreen, int *x, int *y)
static void
KdCrossScreen(ScreenPtr pScreen, Bool entering)
{
-#ifndef XIPAQ
- if (entering)
- KdEnableScreen (pScreen);
- else
- KdDisableScreen (pScreen);
-#endif
}
int KdCurScreen; /* current event screen */
commit db418ff7501d960c8de813a37b8bb37b1ba22175
Author: Dave Airlie <airlied at redhat.com>
Date: Thu Oct 20 10:48:26 2011 +0100
hal: free tmp_val in one missing case
Pointed out by coverity scan.
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Daniel Stone <daniel at fooishbar.org>
(cherry picked from commit 8d3731a811e33e263920dd7c8ec63d02968cb56e)
diff --git a/config/hal.c b/config/hal.c
index 297520a..a4141d5 100644
--- a/config/hal.c
+++ b/config/hal.c
@@ -355,6 +355,7 @@ device_added(LibHalContext *hal_ctx, const char *udi)
if (!strcasecmp(tmp, ".options") && (!xkb_opts.options))
xkb_opts.options = strdup(tmp_val);
}
+ free(tmp_val);
}
}
}
commit 6b11b18ab683e1f38e5b27066b35947b96956e5f
Author: Dave Airlie <airlied at redhat.com>
Date: Thu Oct 20 11:00:43 2011 +0100
xv: test correct number of requests. (v2)
Pointed out by coverity.
v2: fix swapped as well, as pointed out by Alan
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
(cherry picked from commit 41229392b790f30a0f0ef1f4ed95647c5bca4001)
diff --git a/Xext/xvdisp.c b/Xext/xvdisp.c
index b968431..84b10b4 100644
--- a/Xext/xvdisp.c
+++ b/Xext/xvdisp.c
@@ -1265,7 +1265,7 @@ ProcXvDispatch(ClientPtr client)
UpdateCurrentTime();
- if (stuff->data > xvNumRequests) {
+ if (stuff->data >= xvNumRequests) {
SendErrorToClient(client, XvReqCode, stuff->data, 0, BadRequest);
return BadRequest;
}
@@ -1589,7 +1589,7 @@ SProcXvDispatch(ClientPtr client)
UpdateCurrentTime();
- if (stuff->data > xvNumRequests) {
+ if (stuff->data >= xvNumRequests) {
SendErrorToClient(client, XvReqCode, stuff->data, 0, BadRequest);
return BadRequest;
}
commit df16b789aaf5fe7025e5661117477a5f6f9129ee
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Oct 19 16:57:13 2011 +0100
xaa: avoid possible freed pointer reuse in epilogue
If the pGCPriv->flags == 2, then we try to assign the freed pGCPriv->XAAOps
avoid this by clearing the flags in to be destroyed pGCPriv.
Reported by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit 1049139499d9132a20cd6d4d156fe9da9cddb6c2)
diff --git a/hw/xfree86/xaa/xaaGC.c b/hw/xfree86/xaa/xaaGC.c
index 44d50e6..1bc35d9 100644
--- a/hw/xfree86/xaa/xaaGC.c
+++ b/hw/xfree86/xaa/xaaGC.c
@@ -239,6 +239,7 @@ XAADestroyGC(GCPtr pGC)
free(pGCPriv->XAAOps);
free(pGCPriv->DashPattern);
+ pGCPriv->flags = 0;
(*pGC->funcs->DestroyGC)(pGC);
XAA_GC_FUNC_EPILOGUE (pGC);
commit befa8a3b836e8b5781491aff4e659ae856beb494
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Oct 19 16:22:31 2011 +0100
Xi: avoid overrun of callback array.
This code had an off-by-one and would allow writing one past the end of
the callbacks array.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit 682c09a2cedd234b005334cc01247d859dd7f26a)
diff --git a/Xi/extinit.c b/Xi/extinit.c
index 0905e18..0ce4e06 100644
--- a/Xi/extinit.c
+++ b/Xi/extinit.c
@@ -409,7 +409,7 @@ static int
ProcIDispatch(ClientPtr client)
{
REQUEST(xReq);
- if (stuff->data > ARRAY_SIZE(ProcIVector) || !ProcIVector[stuff->data])
+ if (stuff->data >= ARRAY_SIZE(ProcIVector) || !ProcIVector[stuff->data])
return BadRequest;
return (*ProcIVector[stuff->data])(client);
@@ -428,7 +428,7 @@ static int
SProcIDispatch(ClientPtr client)
{
REQUEST(xReq);
- if (stuff->data > ARRAY_SIZE(SProcIVector) || !SProcIVector[stuff->data])
+ if (stuff->data >= ARRAY_SIZE(SProcIVector) || !SProcIVector[stuff->data])
return BadRequest;
return (*SProcIVector[stuff->data])(client);
commit b22783f483d440a005ff76d5c7894e2cf2a95dcb
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Oct 19 16:21:26 2011 +0100
xext: don't free uninitialised pointer when malloc fails. (v2)
Initialise the pAttr->values to values so if the values allocation
fails it just ends up as free(NULL).
Pointed out by coverity.
v2: use Alan's suggestion.
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit b62dc4fcbcffd10de16650bee284702c8608bb60)
diff --git a/Xext/saver.c b/Xext/saver.c
index 1888603..0f9e878 100644
--- a/Xext/saver.c
+++ b/Xext/saver.c
@@ -927,7 +927,7 @@ ScreenSaverSetAttributes (ClientPtr client)
goto bail;
}
/* over allocate for override redirect */
- values = malloc((len + 1) * sizeof (unsigned long));
+ pAttr->values = values = malloc((len + 1) * sizeof (unsigned long));
if (!values)
{
ret = BadAlloc;
@@ -947,7 +947,6 @@ ScreenSaverSetAttributes (ClientPtr client)
pAttr->pCursor = NullCursor;
pAttr->pBackgroundPixmap = NullPixmap;
pAttr->pBorderPixmap = NullPixmap;
- pAttr->values = values;
/*
* go through the mask, checking the values,
* looking up pixmaps and cursors and hold a reference
commit 083599c5597276289af9adaf8a8571cbe743c3fd
Author: Adam Jackson <ajax at redhat.com>
Date: Thu Apr 28 13:34:28 2011 +1000
fbdevhw: iterate over all modes that match a mode. (v3)
So on RHEL5 anaconda sets an xorg.conf with a fixed 800x600 mode in it,
we run radeonfb and fbdev since ati won't work in userspace due to domain
issues in the older codebase.
On certain pseries blades the built-in KVM can't accept an 800x600-43 mode,
it requires the 800x600-60 mode, so we have to have the kernel radeonfb
driver reject the 800x600-43 mode when it sees it. However then fbdev
doesn't try any of the other 800x600 modes in the modelist, and we end up
getting a default 640x480 mode we don't want.
This patch changes the mode validation loop to continue on with the other modes
that match to find one that works.
v2: move code around to avoid extra loop, after comment from Jamey.
v3: move loop setup back into loop as per Jeremy's review.
Signed-off-by: Dave Airlie <airlied at redhat.com>
Reviewed-by: Jamey Sharp <jamey at minilop.net>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit 22605effd188436629a0dbc688666549473741e4)
diff --git a/hw/xfree86/fbdevhw/fbdevhw.c b/hw/xfree86/fbdevhw/fbdevhw.c
index dee731b..806b906 100644
--- a/hw/xfree86/fbdevhw/fbdevhw.c
+++ b/hw/xfree86/fbdevhw/fbdevhw.c
@@ -509,20 +509,22 @@ fbdevHWSetVideoModes(ScrnInfoPtr pScrn)
pScrn->virtualY = pScrn->display->virtualY;
for (modename = pScrn->display->modes; *modename != NULL; modename++) {
- for (mode = pScrn->monitor->Modes; mode != NULL; mode = mode->next)
- if (0 == strcmp(mode->name,*modename))
- break;
+ for (mode = pScrn->monitor->Modes; mode != NULL; mode = mode->next) {
+ if (0 == strcmp(mode->name,*modename)) {
+ if (fbdevHWSetMode(pScrn, mode, TRUE))
+ break;
+
+ xf86DrvMsg(pScrn->scrnIndex, X_INFO,
+ "\tmode \"%s\" test failed\n", *modename);
+ }
+ }
+
if (NULL == mode) {
xf86DrvMsg(pScrn->scrnIndex, X_INFO,
"\tmode \"%s\" not found\n", *modename);
continue;
}
- if (!fbdevHWSetMode(pScrn, mode, TRUE)) {
- xf86DrvMsg(pScrn->scrnIndex, X_INFO,
- "\tmode \"%s\" test failed\n", *modename);
- continue;
- }
xf86DrvMsg(pScrn->scrnIndex, X_INFO,
"\tmode \"%s\" ok\n", *modename);
commit 05a890df0ade7c4958a2a13ed0c6471e4658a098
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Thu Dec 1 23:45:42 2011 -0800
LoaderOpen returns either a valid pointer or NULL, so don't check for < 0
Fixes Sun cc warning that was recently elevated to error by the
stricter default CFLAGS changes to xorg-macros:
"loadmod.c", line 914: improper pointer/integer combination: op "<"
Should have been changed when commit ab7f057ce9df4e905b12 changed the
LoaderOpen return type from int to void *.
Changes log message when file is found but dlopen() fails from:
(EE) LoadModule: Module dbe does not have a dbeModuleData data object.
(EE) Failed to load module "dbe" (invalid module, 0)
to:
(EE) Failed to load module "dbe" (loader failed, 7)
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: Adam Jackson <ajax at redhat.com>
(cherry picked from commit e4dcf580f007d6adcf5b0c639865d7aaab1a319d)
diff --git a/hw/xfree86/loader/loadmod.c b/hw/xfree86/loader/loadmod.c
index 9f82099..20a4719 100644
--- a/hw/xfree86/loader/loadmod.c
+++ b/hw/xfree86/loader/loadmod.c
@@ -918,7 +918,7 @@ doLoadModule(const char *module, const char *path, const char **subdirlist,
goto LoadModule_fail;
}
ret->handle = LoaderOpen(found, errmaj, errmin);
- if (ret->handle < 0)
+ if (ret->handle == NULL)
goto LoadModule_fail;
ret->path = strdup(found);
commit f4944108421d6ae4c728290baa43291f55ebaa67
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Nov 23 00:30:02 2011 -0800
Limit the number of screens Xvfb will attempt to allocate memory for
Commit f9e3a2955d2ca7 removing the MAXSCREEN limit left the screen
number too unlimited, and allowed any positive int for a screen number:
Xvfb :1 -screen 2147483647 1024x1024x8
Fatal server error:
Not enough memory for screen 2147483647
Found by Parfait 0.3.7:
Error: Integer overflow (CWE 190)
Integer parameter of memory allocation function realloc() may overflow due to multiplication with constant value 1112
at line 293 of hw/vfb/InitOutput.c in function 'ddxProcessArgument'.
Since the X11 connection setup only has a CARD8 for number of SCREENS,
limit to 255 screens, which is also low enough to avoid overflow on the
sizeof(*vfbScreens) * (screenNum + 1) calculation for realloc.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: Jamey Sharp <jamey at minilop.net>
(cherry picked from commit feebf6746374aa04b12e9e3e51313a3a82c03530)
diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c
index dce3f84..c17f12c 100644
--- a/hw/vfb/InitOutput.c
+++ b/hw/vfb/InitOutput.c
@@ -280,7 +280,9 @@ ddxProcessArgument(int argc, char *argv[], int i)
int screenNum;
CHECK_FOR_REQUIRED_ARGUMENTS(2);
screenNum = atoi(argv[i+1]);
- if (screenNum < 0)
+ /* The protocol only has a CARD8 for number of screens in the
+ connection setup block, so don't allow more than that. */
+ if ((screenNum < 0) || (screenNum >= 255))
{
ErrorF("Invalid screen number %d\n", screenNum);
UseMsg();
More information about the xorg-commit
mailing list