libXfont: Changes to 'master'

Jeremy Huddleston jeremyhu at kemper.freedesktop.org
Tue May 31 04:20:11 UTC 2016


 src/FreeType/ftfuncs.c |    2 +-
 src/bitmap/bitscale.c  |    4 ++++
 src/fc/fserve.c        |    8 +++-----
 src/fc/fstrans.c       |    2 --
 4 files changed, 8 insertions(+), 8 deletions(-)

New commits:
commit 6972ea08ee5b2ef1cfbdc2fcaf14f06bbd391561
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date:   Mon May 30 00:46:21 2016 -0700

    fserve: Fix a buffer read overrun in _fs_client_access
    
    https://bugs.freedesktop.org/show_bug.cgi?id=83224
    
    Found by clang's Address Sanitizer
    
    	crac.num_auths = set_font_authorizations(&authorizations, &authlen,
    						 client);
    	/* Work around bug in xfs versions up through modular release 1.0.8
    	   which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
    	if (crac.num_auths == 0) {
    	    authorizations = padding;
    	    authlen = 4;
    	} else {
    	    authlen = (authlen + 3) & ~0x3;
    	}
    	crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
    	crac.acid = cur->acid;
    	_fs_add_req_log(conn, FS_CreateAC);
    	_fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
    	_fs_write(conn, authorizations, authlen);
    
    In the case in the report, set_font_authorizations set up authorizations as a
    34-byte buffer (and authlen set to 34 as one would expect). The following
    block changed authlen to 36 to make it 4-byte aligned, and the final _fs_write()
    caused us to read 36 bytes from this 34-byte buffer.
    
    This changes the incorrect size increase to instead use _fs_write_pad which
    takes care of the padding for us.
    
    Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
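
The padding pattern this fix relies on, as an added C example that is not libXfont's own code: a hypothetical in-memory connection buffer (conn_t, conn_write, conn_write_pad) stands in for the socket and for _fs_write/_fs_write_pad, and the constructed 34-byte authorization case from the report is checked to show that the protocol's 4-byte padding is emitted as separate zero bytes rather than read from past the end of the caller's buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stand-in for the font-server connection; the
 * real libXfont code writes to a socket via _fs_write/_fs_write_pad. */
#define CONN_CAP 256
typedef struct { unsigned char buf[CONN_CAP]; size_t len; } conn_t;

/* Round up to a multiple of 4: the same (len + 3) & ~3 the bug used. */
static size_t pad_to_4(size_t len) { return (len + 3) & ~(size_t)3; }

/* Plain write: copies exactly len bytes. Returns bytes queued, 0 on overflow. */
static size_t conn_write(conn_t *c, const void *data, size_t len) {
    if (len > CONN_CAP - c->len) return 0;
    memcpy(c->buf + c->len, data, len);
    c->len += len;
    return len;
}

/* Padded write: reads only len bytes from data, then appends zero bytes up
 * to the 4-byte boundary. The padding never comes from the caller's buffer,
 * so a 34-byte buffer is read as 34 bytes, never 36. */
static size_t conn_write_pad(conn_t *c, const void *data, size_t len) {
    static const unsigned char zeros[4] = { 0, 0, 0, 0 };
    size_t padded = pad_to_4(len);
    if (padded > CONN_CAP - c->len) return 0;
    conn_write(c, data, len);
    conn_write(c, zeros, padded - len);
    return padded;
}

/* Constructed 34-byte authorization payload, as in the bug report. Returns 1
 * if 36 bytes were queued: 34 payload bytes intact plus 2 zero pad bytes. */
static int check_34_byte_case(void) {
    conn_t c = { { 0 }, 0 };
    unsigned char auth[34];
    memset(auth, 0xAB, sizeof auth);
    if (conn_write_pad(&c, auth, sizeof auth) != 36 || c.len != 36) return 0;
    if (memcmp(c.buf, auth, 34) != 0) return 0;
    return c.buf[34] == 0 && c.buf[35] == 0;
}

int main(void) {
    printf("34-byte auth padded correctly: %s\n",
           check_34_byte_case() ? "yes" : "no");
    return 0;
}
```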

commit d967caa988eaabd9e84c82879e2f21bd33b952a7
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date:   Sun May 29 23:39:06 2016 -0700

    fstrans: Remove unused foo() function
    
    The point of it seems to have been to silence an unused function warning, but
    there's no point if we're just transitioning that to another unused function
    warning.
    
    src/fc/fstrans.c:32:20: warning: unused function 'foo' [-Wunused-function]
    static inline void foo(void) { (void) is_numeric("a"); }
                       ^
    1 warning generated.
    
    Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
    Reviewed-by: Keith Packard <keithp at keithp.com>

commit e6009adbc89ec3e1f924bcb57b333c1c02f5e66d
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date:   Sun May 29 23:37:13 2016 -0700

    fserve: Silence a -Wformat warning
    
    src/fc/fserve.c:653:32: warning: format specifies type 'int' but the argument has type 'CARD32' (aka 'unsigned long') [-Wformat]
                   " from font server\n", rep->length);
                                          ^~~~~~~~~~~
    1 warning generated.
    
    Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>

commit ac559fad20bbae45332c758abb6a790c3fd341a2
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date:   Sun May 29 23:34:35 2016 -0700

    bitmap: Bail out on invalid input to FontFileMakeDir instead of calling calloc for 0 bytes
    
    Found by clang static analysis:
        Call to 'calloc' has an allocation size of 0 bytes
    
    Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>

commit d0fff111992fed9d9bfbf0c19e136bda9ba1db55
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date:   Sun May 29 23:29:50 2016 -0700

    FreeType: Correct an allocation size
    
    Found by clang static analysis:
        Result of 'calloc' is converted to a pointer of type 'int', which is
        incompatible with sizeof operand type 'int *'
    
    This is likely benign because the old size was larger on any platform where
    sizeof(int) <= sizeof(void *), which is everywhere.
    
    Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
