xserver: Branch 'server-1.12-branch' - 2 commits
Jeremy Huddleston
jeremyhu at kemper.freedesktop.org
Wed Aug 1 17:33:00 PDT 2012
randr/rroutput.c | 3 ++-
randr/rrscreen.c | 5 ++++-
2 files changed, 6 insertions(+), 2 deletions(-)
New commits:
commit 465a7a253ae36a35d2d85a990c6c50c2a26a861e
Author: Aaron Plattner <aplattner at nvidia.com>
Date: Fri Jun 29 13:33:58 2012 -0700
randr: Fix REQUEST vs. REQUEST_SIZE_MATCH mismatch
ProcRRGetScreenSizeRange uses REQUEST(xRRGetScreenSizeRangeReq) followed by
REQUEST_SIZE_MATCH(xRRGetScreenInfoReq). This happens to work out because both
requests have the same size, so this is not a functional change, just a cosmetic
one.
Signed-off-by: Aaron Plattner <aplattner at nvidia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
(cherry picked from commit 212b9803238d2de2e77cbe5de62d3f616ae50daf)
diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index 55110e0..c564d1f 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -195,7 +195,7 @@ ProcRRGetScreenSizeRange(ClientPtr client)
rrScrPrivPtr pScrPriv;
int rc;
- REQUEST_SIZE_MATCH(xRRGetScreenInfoReq);
+ REQUEST_SIZE_MATCH(xRRGetScreenSizeRangeReq);
rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
if (rc != Success)
return rc;
commit 6f4b6bca4c8f823adf83519b40f02b39a0c271ed
Author: Keith Packard <keithp at keithp.com>
Date: Thu Jun 21 18:45:18 2012 -0700
randr: Catch two more potential unset rrScrPriv uses
Ricardo Salveti <ricardo.salveti at linaro.org> found one place where the
randr code could use the randr screen private data without checking
for null first. This happens when the X server is running with
multiple screens, some of which are randr enabled and some of which
are not. Applications making protocol requests to the non-randr
screens can cause segfaults where the server touches the unset private
structure.
I audited the code and found two more possible problem spots; the
trick to auditing for this issue was to look for functions not taking
a RandR data structure and where there was no null screen private
check above them in the call graph.
Signed-off-by: Keith Packard <keithp at keithp.com>
(cherry picked from commit 855003c333a0ead1db912695bc9705ef2b3144b4)
diff --git a/randr/rroutput.c b/randr/rroutput.c
index 091e06b..fbd0e32 100644
--- a/randr/rroutput.c
+++ b/randr/rroutput.c
@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client)
}
pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
- RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
+ if (pScrPriv)
+ RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
return Success;
}
diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index f570afa..55110e0 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -248,6 +248,9 @@ ProcRRSetScreenSize(ClientPtr client)
pScreen = pWin->drawable.pScreen;
pScrPriv = rrGetScrPriv(pScreen);
+ if (!pScrPriv)
+ return BadMatch;
+
if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) {
client->errorValue = stuff->width;
return BadValue;
More information about the xorg-commit
mailing list