xserver: Branch 'master' - 3 commits
Adam Jackson
ajax at kemper.freedesktop.org
Mon Oct 19 09:23:47 PDT 2015
hw/xquartz/darwinEvents.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
New commits:
commit 5b582a4a0350c253d729efb31b710851ae9a958e
Merge: 1d4aa67 27ad212
Author: Adam Jackson <ajax at redhat.com>
Date: Mon Oct 19 12:23:22 2015 -0400
Merge remote-tracking branch 'jeremyhu/master'
commit 27ad21254f257bac6c647315d749ee69f20c24e0
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Sun Oct 18 23:01:53 2015 -0700
XQuartz: Cleanup formatting of DarwinEQInit that was butchered by automation a few years ago
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/darwinEvents.c b/hw/xquartz/darwinEvents.c
index 0c8e7c4..5577297 100644
--- a/hw/xquartz/darwinEvents.c
+++ b/hw/xquartz/darwinEvents.c
@@ -367,14 +367,12 @@ DarwinEQInit(void)
{
int *p;
- for (p = darwin_x11_modifier_mask_list, darwin_all_modifier_mask = 0; *p;
- p++) {
+ for (p = darwin_x11_modifier_mask_list; *p; p++) {
darwin_x11_modifier_mask |= *p;
}
- for (p = darwin_all_modifier_mask_additions,
- darwin_all_modifier_mask = darwin_x11_modifier_mask;
- *p; p++) {
+ darwin_all_modifier_mask = darwin_x11_modifier_mask;
+ for (p = darwin_all_modifier_mask_additions; *p; p++) {
darwin_all_modifier_mask |= *p;
}
@@ -387,7 +385,6 @@ DarwinEQInit(void)
*/
if (!darwinEvents) {
darwinEvents = InitEventList(GetMaximumEventsNum());
- ;
if (!darwinEvents)
FatalError("Couldn't allocate event buffer\n");
commit 3db7e332d374bf8cee581c31b7d50d7ac0509187
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Sun Oct 18 23:03:23 2015 -0700
XQuartz: Make sure that darwin_all_modifier_mask_additions is 0-terminated
Found by ASan
X.Org X Server 1.17.99.901 Build Date: 20151018
================================================================
==40471==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000101fed7a4 at pc 0x000101584030 bp 0x70000029f920 sp 0x70000029f918
READ of size 4 at 0x000101fed7a4 thread T7
#0 0x10158402f in DarwinEQInit darwinEvents.c:377
#1 0x10157f3bc in InitInput darwin.c:566
#2 0x101be87ad in dix_main main.c:268
#3 0x10159131b in server_thread quartzStartup.c:66
#4 0x7fff8a535c12 in _pthread_body (/usr/lib/system/libsystem_pthread.dylib+0x3c12)
#5 0x7fff8a535b8f in _pthread_start (/usr/lib/system/libsystem_pthread.dylib+0x3b8f)
#6 0x7fff8a533374 in thread_start (/usr/lib/system/libsystem_pthread.dylib+0x1374)
0x000101fed7a4 is located 0 bytes to the right of global variable 'darwin_all_modifier_mask_additions' defined in 'darwinEvents.c:181:12'
(0x101fed7a0) of size 4
SUMMARY: AddressSanitizer: global-buffer-overflow darwinEvents.c:377 DarwinEQInit
Shadow bytes around the buggy address:
0x1000203fdaa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000203fdab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000203fdac0: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
0x1000203fdad0: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
0x1000203fdae0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9
=>0x1000203fdaf0: f9 f9 f9 f9[04]f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x1000203fdb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000203fdb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000203fdb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000203fdb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000203fdb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T7 created by T0 here:
#0 0x10242ee99 in wrap_pthread_create
(/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/7.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x37e99)
#1 0x101591089 in create_thread quartzStartup.c:78
#2 0x101590ed9 in QuartzInitServer quartzStartup.c:95
#3 0x1015697eb in X11ApplicationMain X11Application.m:1277
#4 0x101575dc0 in X11ControllerMain X11Controller.m:984
#5 0x10159171a in server_main quartzStartup.c:127
#6 0x101540fc0 in do_start_x11_server bundle-main.c:436
#7 0x101544869 in _Xstart_x11_server mach_startupServer.c:189
#8 0x101545c96 in mach_startup_server mach_startupServer.c:398
#9 0x7fff8d1b70f3 in mach_msg_server (/usr/lib/system/libsystem_kernel.dylib+0x110f3)
#10 0x1015416e7 in main bundle-main.c:774
#11 0x7fff8bd975ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#12 0x0 (<unknown module>)
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/darwinEvents.c b/hw/xquartz/darwinEvents.c
index 9bf2f14..0c8e7c4 100644
--- a/hw/xquartz/darwinEvents.c
+++ b/hw/xquartz/darwinEvents.c
@@ -178,7 +178,7 @@ static int darwin_x11_modifier_mask_list[] = {
0
};
-static int darwin_all_modifier_mask_additions[] = { NX_SECONDARYFNMASK, };
+static int darwin_all_modifier_mask_additions[] = { NX_SECONDARYFNMASK, 0 };
static void
DarwinUpdateModifiers(int pressed, // KeyPress or KeyRelease
More information about the xorg-commit
mailing list