[PATCH xserver] was: Re: Two long-standing server bugs
Jasper St. Pierre
jstpierre at mecheye.net
Wed Sep 4 08:13:14 PDT 2013
Yeah, this is how I would write it.
Can you provide a patch, Alan?
On Wed, Sep 4, 2013 at 2:30 AM, Alan Coopersmith <
alan.coopersmith at oracle.com> wrote:
> On 09/ 3/13 11:05 PM, Peter Hutterer wrote:
> >> From 8057fc810fb2815ea4c069ac9c1bc77709afb778 Mon Sep 17 00:00:00 2001
> >> From: Thomas Klausner <wiz at NetBSD.org>
> >> Date: Tue, 3 Sep 2013 09:44:18 +0200
> >> Subject: [PATCH:xserver] Fix bug in cursor handling.
> >>
> >> CreateCursor (Xlib call XCreatePixmapCursor) with a non-bitmap
> >> source pixmap and a None mask is supposed to error out with BadMatch,
> >> but didn't.
> >>
> >> From der Mouse <mouse at Rodents-Montreal.ORG>
> >>
> >> Signed-off-by: Thomas Klausner <wiz at NetBSD.org>
> >> ---
> >> dix/dispatch.c | 5 ++++-
> >> 1 file changed, 4 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/dix/dispatch.c b/dix/dispatch.c
> >> index 51d0de2..ae3b97b 100644
> >> --- a/dix/dispatch.c
> >> +++ b/dix/dispatch.c
> >> @@ -2874,9 +2874,12 @@ ProcCreateCursor(ClientPtr client)
> >> }
> >> else if (src->drawable.width != msk->drawable.width
> >> || src->drawable.height != msk->drawable.height
> >> - || src->drawable.depth != 1 || msk->drawable.depth != 1)
> >> + || msk->drawable.depth != 1)
> >> return BadMatch;
> >>
> >> + if (src->drawable.depth != 1)
> >> + return (BadMatch);
> >> +
> >
> > I'm staring hard at this and struggling to see the change. The previous
> code
> > already returned BadMatch for a src depth of != 1.
>
> I couldn't see it from the patch either, but a little more context than
> the patch
> includes helps:
>
> 2867 rc = dixLookupResourceByType((pointer *) &msk, stuff->mask,
> RT_PIXMAP,
> 2868 client, DixReadAccess);
> 2869 if (rc != Success) {
> 2870 if (stuff->mask != None) {
> 2871 client->errorValue = stuff->mask;
> 2872 return rc;
> 2873 }
> 2874 }
> 2875 else if (src->drawable.width != msk->drawable.width
> 2876 || src->drawable.height != msk->drawable.height
> 2877 || src->drawable.depth != 1 || msk->drawable.depth !=
> 1)
> 2878 return BadMatch;
>
> So if stuff->mask is None, we do a resource lookup for a pixmap with that
> id,
> which should fail, since it's None (aka 0).
>
> Thus we gp into the check at 2869, but don't match the if at 2870, so don't
> return. Since 2875 is the else clause for the if we already went into, we
> skip over all those checks.
>
> The patch moves the src->drawable.depth check out of the else clause so
> it's
> always checked, not just in the (rc == Success) case for the mask pixmap
> lookup.
> It could even be moved up above the lookup of the mask pixmap, since it
> only
> checks against the cursor image pixmap.
>
> I'm not sure if there's ever a reason to try to lookup a mask id of None,
> otherwise this might be easier to follow as:
>
> /* Find and validate cursor image pixmap */
> rc = dixLookupResourceByType((pointer *) &src, stuff->source,
> RT_PIXMAP,
> client, DixReadAccess);
> if (rc != Success) {
> client->errorValue = stuff->source;
> return rc;
> }
>
> if (src->drawable.depth != 1)
> return (BadMatch);
>
> /* Find and validate cursor mask pixmap, if one is provided */
> if (stuff->mask != None) {
> rc = dixLookupResourceByType((pointer *) &msk, stuff->mask,
> RT_PIXMAP,
> client, DixReadAccess);
> if (rc != Success) {
> client->errorValue = stuff->mask;
> return rc;
> }
>
> if (src->drawable.width != msk->drawable.width
> || src->drawable.height != msk->drawable.height
> || msk->drawable.depth != 1)
> return BadMatch;
> }
> else
> msk = NULL;
>
>
> --
> -Alan Coopersmith- alan.coopersmith at oracle.com
> Oracle Solaris Engineering - http://blogs.oracle.com/alanc
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>
--
Jasper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x.org/archives/xorg-devel/attachments/20130904/093b235f/attachment.html>
More information about the xorg-devel
mailing list