xserver: Branch 'server-1.11-branch' - 7 commits
Jeremy Huddleston
jeremyhu at kemper.freedesktop.org
Mon Nov 21 19:03:32 PST 2011
hw/xfree86/common/xf86VidMode.c | 3 +
hw/xfree86/dri2/dri2.c | 17 ++++++++--
hw/xfree86/dri2/dri2ext.c | 3 +
hw/xfree86/modes/xf86EdidModes.c | 5 +++
hw/xfree86/os-support/linux/lnx_video.c | 8 ++--
include/os.h | 3 +
miext/rootless/rootlessScreen.c | 4 +-
os/io.c | 1
record/record.c | 53 ++++++++++++++++++--------------
9 files changed, 64 insertions(+), 33 deletions(-)
New commits:
commit b440fc9c1bb10f8c227120e6d9e58101108d71bb
Author: dtakahashi42 <dtakahashi42 at gmail.com>
Date: Fri Nov 18 11:30:22 2011 -0800
rootless: Fix a server crash when choosing a color with the gimp color wheel
https://trac.macports.org/ticket/30927
Signed-off-by: Jeremy Huddleston <jeremyhu at apple.com>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit 328074890eeb111950e984c6f618311983600b20)
diff --git a/miext/rootless/rootlessScreen.c b/miext/rootless/rootlessScreen.c
index 0801e72..c855706 100644
--- a/miext/rootless/rootlessScreen.c
+++ b/miext/rootless/rootlessScreen.c
@@ -247,8 +247,8 @@ RootlessComposite(CARD8 op, PicturePtr pSrc, PicturePtr pMask, PicturePtr pDst,
WindowPtr srcWin, dstWin, maskWin = NULL;
if (pMask) { // pMask can be NULL
- maskWin = (pMask->pDrawable->type == DRAWABLE_WINDOW) ?
- (WindowPtr)pMask->pDrawable : NULL;
+ maskWin = (pMask->pDrawable && pMask->pDrawable->type == DRAWABLE_WINDOW) ?
+ (WindowPtr)pMask->pDrawable : NULL;
}
srcWin = (pSrc->pDrawable && pSrc->pDrawable->type == DRAWABLE_WINDOW) ?
(WindowPtr)pSrc->pDrawable : NULL;
commit 40c1287f36517f0afd62306e306f6a68120d9a59
Author: Ross Burton <ross at linux.intel.com>
Date: Wed Sep 28 11:46:02 2011 +0100
edid: Add quirk for Acer Aspire One 110
At least one revision of the AAO reports a 190x110mm maximum size but a
451x113mm mode.
X.Org Bug 41141 <https://bugs.freedesktop.org/show_bug.cgi?id=41141>
Signed-off-by: Ross Burton <ross at linux.intel.com>
Reviewed-by: Daniel Stone <daniel at fooishbar.org>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit 58864146fbdf1820d04825838691e84784ef91bc)
diff --git a/hw/xfree86/modes/xf86EdidModes.c b/hw/xfree86/modes/xf86EdidModes.c
index 9ff2f0d..86065f8 100644
--- a/hw/xfree86/modes/xf86EdidModes.c
+++ b/hw/xfree86/modes/xf86EdidModes.c
@@ -165,6 +165,11 @@ static Bool quirk_detailed_use_maximum_size (int scrnIndex, xf86MonPtr DDC)
DDC->vendor.prod_id == 6400)
return TRUE;
+ /* Bug #41141: Acer Aspire One */
+ if (memcmp (DDC->vendor.name, "LGD", 4) == 0 &&
+ DDC->vendor.prod_id == 0x7f01)
+ return TRUE;
+
return FALSE;
}
commit 7972e2dade58158bb98f5b7dc5f873b9fb3446de
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date: Thu Aug 25 16:04:04 2011 +0100
dri2: Register the DRI2DrawableType after server regeneration
The Resource database is reset upon regeneration and so the dri2 module
needs to re-register its RESTYPE for the drawable or else it will
clobber the next unsuspecting user of the database. Fortunately, DRI2 is
loaded late in the initialisation sequence and was last up until
xf86-video-intel started using the Resource database to track
outstanding swaps...
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
Tested-by: Paulo Zanoni <paulo.r.zanoni at intel.com>
(cherry picked from commit 34b0e4eee911f8b09a3682a7f1b4c8598ef48b8d)
diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c
index d71e4f4..f7f7000 100644
--- a/hw/xfree86/dri2/dri2.c
+++ b/hw/xfree86/dri2/dri2.c
@@ -1194,14 +1194,24 @@ DRI2CloseScreen(ScreenPtr pScreen)
}
extern ExtensionModule dri2ExtensionModule;
+extern Bool DRI2ModuleSetup(void);
+
+/* Called by InitExtensions() */
+Bool
+DRI2ModuleSetup(void)
+{
+ dri2DrawableRes = CreateNewResourceType(DRI2DrawableGone, "DRI2Drawable");
+ if (!dri2DrawableRes)
+ return FALSE;
+
+ return TRUE;
+}
static pointer
DRI2Setup(pointer module, pointer opts, int *errmaj, int *errmin)
{
static Bool setupDone = FALSE;
- dri2DrawableRes = CreateNewResourceType(DRI2DrawableGone, "DRI2Drawable");
-
if (!setupDone)
{
setupDone = TRUE;
diff --git a/hw/xfree86/dri2/dri2ext.c b/hw/xfree86/dri2/dri2ext.c
index 552b26b..a2198e2 100644
--- a/hw/xfree86/dri2/dri2ext.c
+++ b/hw/xfree86/dri2/dri2ext.c
@@ -50,6 +50,7 @@
#include "xf86Module.h"
static ExtensionEntry *dri2Extension;
+extern Bool DRI2ModuleSetup(void);
static Bool
validDrawable(ClientPtr client, XID drawable, Mask access_mode,
@@ -636,6 +637,8 @@ DRI2ExtensionInit(void)
StandardMinorOpcode);
DRI2EventBase = dri2Extension->eventBase;
+
+ DRI2ModuleSetup();
}
extern Bool noDRI2Extension;
commit 73beaf9033d9a44e7a7c654f296624c7265eeb6d
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date: Mon Jan 24 11:17:03 2011 +0000
DRI2: Avoid a NULL pointer dereference
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41211
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit bfa1a0dd190ed88020d60eba3bb04681c8e83a68)
diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c
index af3bcae..d71e4f4 100644
--- a/hw/xfree86/dri2/dri2.c
+++ b/hw/xfree86/dri2/dri2.c
@@ -780,7 +780,8 @@ DRI2WaitSwap(ClientPtr client, DrawablePtr pDrawable)
/* If we're currently waiting for a swap on this drawable, reset
* the request and suspend the client. We only support one
* blocked client per drawable. */
- if ((pPriv->swapsPending) &&
+ if (pPriv &&
+ pPriv->swapsPending &&
pPriv->blockedClient == NULL) {
ResetCurrentRequest(client);
client->sequence--;
commit 6105fcaa3592cb6d0d5f22d9b850986d0bc4d241
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date: Mon Jan 24 11:17:03 2011 +0000
VidMode: prevent crash with no modes
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=17431
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
(cherry picked from commit eeb21a133b982f71de739baf62e53c8a68f5d495)
diff --git a/hw/xfree86/common/xf86VidMode.c b/hw/xfree86/common/xf86VidMode.c
index 4dd454d..2ae5484 100644
--- a/hw/xfree86/common/xf86VidMode.c
+++ b/hw/xfree86/common/xf86VidMode.c
@@ -221,6 +221,9 @@ VidModeGetFirstModeline(int scrnIndex, pointer *mode, int *dotClock)
return FALSE;
pScrn = xf86Screens[scrnIndex];
+ if (pScrn->modes == NULL)
+ return FALSE;
+
pVidMode = VMPTR(pScrn->pScreen);
pVidMode->First = pScrn->modes;
pVidMode->Next = pVidMode->First->next;
commit d113b2911573f3685dc644c6fdd1979aa880b99f
Author: Rami Ylimäki <rami.ylimaki at vincit.fi>
Date: Tue Oct 4 12:25:26 2011 +0300
record: Prevent out of bounds access when recording a reply.
Any pad bytes in replies are written to the client from a zeroed
array. However, record extension tries to incorrectly access the pad
bytes from the end of reply data.
Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
Reviewed-by: Erkki Seppälä <erkki.seppala at vincit.fi>
(cherry picked from commit c1bb8f43b9290c2b18a9f0ac59773ff8f1eb974f)
diff --git a/include/os.h b/include/os.h
index a553f57..c9a8b3e 100644
--- a/include/os.h
+++ b/include/os.h
@@ -451,9 +451,10 @@ extern _X_EXPORT CallbackListPtr ReplyCallback;
typedef struct {
ClientPtr client;
const void *replyData;
- unsigned long dataLenBytes;
+ unsigned long dataLenBytes; /* actual bytes from replyData + pad bytes */
unsigned long bytesRemaining;
Bool startOfReply;
+ unsigned long padBytes; /* pad bytes from zeroed array */
} ReplyInfoRec;
/* stuff for FlushCallback */
diff --git a/os/io.c b/os/io.c
index 4210238..c59e18c 100644
--- a/os/io.c
+++ b/os/io.c
@@ -810,6 +810,7 @@ WriteToClient (ClientPtr who, int count, const void *__buf)
replyinfo.client = who;
replyinfo.replyData = buf;
replyinfo.dataLenBytes = count + padBytes;
+ replyinfo.padBytes = padBytes;
if (who->replyBytesRemaining)
{ /* still sending data of an earlier reply */
who->replyBytesRemaining -= count + padBytes;
diff --git a/record/record.c b/record/record.c
index 69fca72..93383ce 100644
--- a/record/record.c
+++ b/record/record.c
@@ -269,8 +269,9 @@ RecordFlushReplyBuffer(
* device events and EndOfData, pClient is NULL.
* category is the category of the protocol element, as defined
* by the RECORD spec.
- * data is a pointer to the protocol data, and datalen is its length
- * in bytes.
+ * data is a pointer to the protocol data, and datalen - padlen
+ * is its length in bytes.
+ * padlen is the number of pad bytes from a zeroed array.
* futurelen is the number of bytes that will be sent in subsequent
* calls to this function to complete this protocol element.
* In those subsequent calls, futurelen will be -1 to indicate
@@ -290,7 +291,7 @@ RecordFlushReplyBuffer(
*/
static void
RecordAProtocolElement(RecordContextPtr pContext, ClientPtr pClient,
- int category, pointer data, int datalen, int futurelen)
+ int category, pointer data, int datalen, int padlen, int futurelen)
{
CARD32 elemHeaderData[2];
int numElemHeaders = 0;
@@ -399,15 +400,20 @@ RecordAProtocolElement(RecordContextPtr pContext, ClientPtr pClient,
}
if (datalen)
{
+ static char padBuffer[3]; /* as in FlushClient */
memcpy(pContext->replyBuffer + pContext->numBufBytes,
- data, datalen);
- pContext->numBufBytes += datalen;
+ data, datalen - padlen);
+ pContext->numBufBytes += datalen - padlen;
+ memcpy(pContext->replyBuffer + pContext->numBufBytes,
+ padBuffer, padlen);
+ pContext->numBufBytes += padlen;
}
}
else
+ {
RecordFlushReplyBuffer(pContext, (pointer)elemHeaderData,
- numElemHeaders, (pointer)data, datalen);
-
+ numElemHeaders, (pointer)data, datalen - padlen);
+ }
} /* RecordAProtocolElement */
@@ -485,19 +491,19 @@ RecordABigRequest(RecordContextPtr pContext, ClientPtr client, xReq *stuff)
/* record the request header */
bytesLeft = client->req_len << 2;
RecordAProtocolElement(pContext, client, XRecordFromClient,
- (pointer)stuff, SIZEOF(xReq), bytesLeft);
+ (pointer)stuff, SIZEOF(xReq), 0, bytesLeft);
/* reinsert the extended length field that was squished out */
bigLength = client->req_len + bytes_to_int32(sizeof(bigLength));
if (client->swapped)
swapl(&bigLength, n);
RecordAProtocolElement(pContext, client, XRecordFromClient,
- (pointer)&bigLength, sizeof(bigLength), /* continuation */ -1);
+ (pointer)&bigLength, sizeof(bigLength), 0, /* continuation */ -1);
bytesLeft -= sizeof(bigLength);
/* record the rest of the request after the length */
RecordAProtocolElement(pContext, client, XRecordFromClient,
- (pointer)(stuff + 1), bytesLeft, /* continuation */ -1);
+ (pointer)(stuff + 1), bytesLeft, 0, /* continuation */ -1);
} /* RecordABigRequest */
@@ -544,7 +550,7 @@ RecordARequest(ClientPtr client)
RecordABigRequest(pContext, client, stuff);
else
RecordAProtocolElement(pContext, client, XRecordFromClient,
- (pointer)stuff, client->req_len << 2, 0);
+ (pointer)stuff, client->req_len << 2, 0, 0);
}
else /* extension, check minor opcode */
{
@@ -568,7 +574,7 @@ RecordARequest(ClientPtr client)
else
RecordAProtocolElement(pContext, client,
XRecordFromClient, (pointer)stuff,
- client->req_len << 2, 0);
+ client->req_len << 2, 0, 0);
break;
}
} /* end for each minor op info */
@@ -621,7 +627,8 @@ RecordAReply(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
if (pContext->continuedReply)
{
RecordAProtocolElement(pContext, client, XRecordFromServer,
- (pointer)pri->replyData, pri->dataLenBytes, /* continuation */ -1);
+ (pointer)pri->replyData, pri->dataLenBytes,
+ pri->padBytes, /* continuation */ -1);
if (!pri->bytesRemaining)
pContext->continuedReply = 0;
}
@@ -631,7 +638,7 @@ RecordAReply(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
if (majorop <= 127)
{ /* core reply */
RecordAProtocolElement(pContext, client, XRecordFromServer,
- (pointer)pri->replyData, pri->dataLenBytes, pri->bytesRemaining);
+ (pointer)pri->replyData, pri->dataLenBytes, 0, pri->bytesRemaining);
if (pri->bytesRemaining)
pContext->continuedReply = 1;
}
@@ -653,7 +660,7 @@ RecordAReply(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
{
RecordAProtocolElement(pContext, client,
XRecordFromServer, (pointer)pri->replyData,
- pri->dataLenBytes, pri->bytesRemaining);
+ pri->dataLenBytes, 0, pri->bytesRemaining);
if (pri->bytesRemaining)
pContext->continuedReply = 1;
break;
@@ -725,7 +732,7 @@ RecordADeliveredEventOrError(CallbackListPtr *pcbl, pointer nulldata, pointer ca
}
RecordAProtocolElement(pContext, pClient,
- XRecordFromServer, pEvToRecord, SIZEOF(xEvent), 0);
+ XRecordFromServer, pEvToRecord, SIZEOF(xEvent), 0, 0);
}
} /* end for each event */
} /* end this client is on this context */
@@ -776,7 +783,7 @@ RecordSendProtocolEvents(RecordClientsAndProtocolPtr pRCAP,
}
RecordAProtocolElement(pContext, NULL,
- XRecordFromServer, pEvToRecord, SIZEOF(xEvent), 0);
+ XRecordFromServer, pEvToRecord, SIZEOF(xEvent), 0, 0);
/* make sure device events get flushed in the absence
* of other client activity
*/
@@ -2420,7 +2427,7 @@ ProcRecordEnableContext(ClientPtr client)
assert(numEnabledContexts > 0);
/* send StartOfData */
- RecordAProtocolElement(pContext, NULL, XRecordStartOfData, NULL, 0, 0);
+ RecordAProtocolElement(pContext, NULL, XRecordStartOfData, NULL, 0, 0, 0);
RecordFlushReplyBuffer(pContext, NULL, 0, NULL, 0);
return Success;
} /* ProcRecordEnableContext */
@@ -2451,7 +2458,7 @@ RecordDisableContext(RecordContextPtr pContext)
if (!pContext->pRecordingClient) return;
if (!pContext->pRecordingClient->clientGone)
{
- RecordAProtocolElement(pContext, NULL, XRecordEndOfData, NULL, 0, 0);
+ RecordAProtocolElement(pContext, NULL, XRecordEndOfData, NULL, 0, 0, 0);
RecordFlushReplyBuffer(pContext, NULL, 0, NULL, 0);
/* Re-enable request processing on this connection. */
AttendClient(pContext->pRecordingClient);
@@ -2775,7 +2782,7 @@ RecordConnectionSetupInfo(RecordContextPtr pContext, NewClientInfoRec *pci)
SwapConnSetupPrefix(pci->prefix, (xConnSetupPrefix*)pConnSetup);
SwapConnSetupInfo((char*)pci->setup, (char*)(pConnSetup + prefixsize));
RecordAProtocolElement(pContext, pci->client, XRecordClientStarted,
- (pointer)pConnSetup, prefixsize + restsize, 0);
+ (pointer)pConnSetup, prefixsize + restsize, 0, 0);
free(pConnSetup);
}
else
@@ -2784,9 +2791,9 @@ RecordConnectionSetupInfo(RecordContextPtr pContext, NewClientInfoRec *pci)
* data in two pieces
*/
RecordAProtocolElement(pContext, pci->client, XRecordClientStarted,
- (pointer)pci->prefix, prefixsize, restsize);
+ (pointer)pci->prefix, prefixsize, 0, restsize);
RecordAProtocolElement(pContext, pci->client, XRecordClientStarted,
- (pointer)pci->setup, restsize, /* continuation */ -1);
+ (pointer)pci->setup, restsize, 0, /* continuation */ -1);
}
} /* RecordConnectionSetupInfo */
@@ -2863,7 +2870,7 @@ RecordAClientStateChange(CallbackListPtr *pcbl, pointer nulldata, pointer callda
{
if (pContext->pRecordingClient && pRCAP->clientDied)
RecordAProtocolElement(pContext, pClient,
- XRecordClientDied, NULL, 0, 0);
+ XRecordClientDied, NULL, 0, 0, 0);
RecordDeleteClientFromRCAP(pRCAP, pos);
}
}
commit 4dc5b6ea9f4932070c37b7c5393d468d00803712
Author: Jeremy Huddleston <jeremyhu at apple.com>
Date: Tue Nov 1 14:59:15 2011 -0700
xfree86: Fix powerpc build with -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast
memType is a uint64_t on powerpc. Using memType only really makes
sense for *physical* addresses, which can be 64-bit for 32-bit
systems running on 64-bit hardware.
However, unmapVidMem() only deals with *virtual* addresses, which
are guaranteed to fit into an uintptr_t.
Signed-off-by: Jeremy Huddleston <jeremyhu at apple.com>
Reviewed-by: Mark Kettenis <kettenis at openbsd.org>
(cherry picked from commit eb3377ffb8a7baa26c9831e56ed782d48b28fa71)
diff --git a/hw/xfree86/os-support/linux/lnx_video.c b/hw/xfree86/os-support/linux/lnx_video.c
index 3d45511..468c621 100644
--- a/hw/xfree86/os-support/linux/lnx_video.c
+++ b/hw/xfree86/os-support/linux/lnx_video.c
@@ -469,11 +469,11 @@ mapVidMem(int ScreenNum, unsigned long Base, unsigned long Size, int flags)
static void
unmapVidMem(int ScreenNum, pointer Base, unsigned long Size)
{
- memType alignOff = (memType)Base
- - ((memType)Base & ~(getpagesize() - 1));
+ uintptr_t alignOff = (uintptr_t)Base
+ - ((uintptr_t)Base & ~(getpagesize() - 1));
- DebugF("alignment offset: %lx\n",alignOff);
- munmap((caddr_t)((memType)Base - alignOff), (Size + alignOff));
+ DebugF("alignment offset: %lx\n", (unsigned long)alignOff);
+ munmap((void *)((uintptr_t)Base - alignOff), (Size + alignOff));
}
More information about the xorg-commit
mailing list