[PATCH xserver] was: Re: Two long-standing server bugs
Thomas Klausner
wiz at netbsd.org
Wed Sep 4 11:09:18 PDT 2013
On Wed, Sep 04, 2013 at 11:13:14AM -0400, Jasper St. Pierre wrote:
> Yeah, this is how I would write it.
>
> Can you provide a patch, Alan?
I tried to make the code match Alan's suggestion, attached.
While there, I fixed a typo in the configure.ac script, also attached.
Thomas
>
> On Wed, Sep 4, 2013 at 2:30 AM, Alan Coopersmith <
> alan.coopersmith at oracle.com> wrote:
>
> > On 09/ 3/13 11:05 PM, Peter Hutterer wrote:
> > >> From 8057fc810fb2815ea4c069ac9c1bc77709afb778 Mon Sep 17 00:00:00 2001
> > >> From: Thomas Klausner <wiz at NetBSD.org>
> > >> Date: Tue, 3 Sep 2013 09:44:18 +0200
> > >> Subject: [PATCH:xserver] Fix bug in cursor handling.
> > >>
> > >> CreateCursor (Xlib call XCreatePixmapCursor) with a non-bitmap
> > >> source pixmap and a None mask is supposed to error out with BadMatch,
> > >> but didn't.
> > >>
> > >> From der Mouse <mouse at Rodents-Montreal.ORG>
> > >>
> > >> Signed-off-by: Thomas Klausner <wiz at NetBSD.org>
> > >> ---
> > >> dix/dispatch.c | 5 ++++-
> > >> 1 file changed, 4 insertions(+), 1 deletion(-)
> > >>
> > >> diff --git a/dix/dispatch.c b/dix/dispatch.c
> > >> index 51d0de2..ae3b97b 100644
> > >> --- a/dix/dispatch.c
> > >> +++ b/dix/dispatch.c
> > >> @@ -2874,9 +2874,12 @@ ProcCreateCursor(ClientPtr client)
> > >> }
> > >> else if (src->drawable.width != msk->drawable.width
> > >> || src->drawable.height != msk->drawable.height
> > >> - || src->drawable.depth != 1 || msk->drawable.depth != 1)
> > >> + || msk->drawable.depth != 1)
> > >> return BadMatch;
> > >>
> > >> + if (src->drawable.depth != 1)
> > >> + return (BadMatch);
> > >> +
> > >
> > > I'm staring hard at this and struggling to see the change. The previous
> > code
> > > already returned BadMatch for a src depth of != 1.
> >
> > I couldn't see it from the patch either, but a little more context than
> > the patch
> > includes helps:
> >
> > 2867 rc = dixLookupResourceByType((pointer *) &msk, stuff->mask,
> > RT_PIXMAP,
> > 2868 client, DixReadAccess);
> > 2869 if (rc != Success) {
> > 2870 if (stuff->mask != None) {
> > 2871 client->errorValue = stuff->mask;
> > 2872 return rc;
> > 2873 }
> > 2874 }
> > 2875 else if (src->drawable.width != msk->drawable.width
> > 2876 || src->drawable.height != msk->drawable.height
> > 2877 || src->drawable.depth != 1 || msk->drawable.depth !=
> > 1)
> > 2878 return BadMatch;
> >
> > So if stuff->mask is None, we do a resource lookup for a pixmap with that
> > id,
> > which should fail, since it's None (aka 0).
> >
> > Thus we gp into the check at 2869, but don't match the if at 2870, so don't
> > return. Since 2875 is the else clause for the if we already went into, we
> > skip over all those checks.
> >
> > The patch moves the src->drawable.depth check out of the else clause so
> > it's
> > always checked, not just in the (rc == Success) case for the mask pixmap
> > lookup.
> > It could even be moved up above the lookup of the mask pixmap, since it
> > only
> > checks against the cursor image pixmap.
> >
> > I'm not sure if there's ever a reason to try to lookup a mask id of None,
> > otherwise this might be easier to follow as:
> >
> > /* Find and validate cursor image pixmap */
> > rc = dixLookupResourceByType((pointer *) &src, stuff->source,
> > RT_PIXMAP,
> > client, DixReadAccess);
> > if (rc != Success) {
> > client->errorValue = stuff->source;
> > return rc;
> > }
> >
> > if (src->drawable.depth != 1)
> > return (BadMatch);
> >
> > /* Find and validate cursor mask pixmap, if one is provided */
> > if (stuff->mask != None) {
> > rc = dixLookupResourceByType((pointer *) &msk, stuff->mask,
> > RT_PIXMAP,
> > client, DixReadAccess);
> > if (rc != Success) {
> > client->errorValue = stuff->mask;
> > return rc;
> > }
> >
> > if (src->drawable.width != msk->drawable.width
> > || src->drawable.height != msk->drawable.height
> > || msk->drawable.depth != 1)
> > return BadMatch;
> > }
> > else
> > msk = NULL;
> >
> >
> > --
> > -Alan Coopersmith- alan.coopersmith at oracle.com
> > Oracle Solaris Engineering - http://blogs.oracle.com/alanc
> > _______________________________________________
> > xorg-devel at lists.x.org: X.Org development
> > Archives: http://lists.x.org/archives/xorg-devel
> > Info: http://lists.x.org/mailman/listinfo/xorg-devel
> >
>
>
>
> --
> Jasper
-------------- next part --------------
>From ac4558c7b5ffec3cd148e992332f3b13a2b9b35a Mon Sep 17 00:00:00 2001
From: Thomas Klausner <wiz at NetBSD.org>
Date: Wed, 4 Sep 2013 20:05:51 +0200
Subject: [PATCH:xserver 1/2] Fix bug in cursor handling.
CreateCursor (Xlib call XCreatePixmapCursor) with a non-bitmap
source pixmap and a None mask is supposed to error out with BadMatch,
but didn't.
>From der Mouse <mouse at Rodents-Montreal.ORG>, changed following
comments by Alan Coopersmith <alan.coopersmith at oracle.com>.
Signed-off-by: Thomas Klausner <wiz at NetBSD.org>
---
dix/dispatch.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 51d0de2..71fda48 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -2864,18 +2864,25 @@ ProcCreateCursor(ClientPtr client)
return rc;
}
- rc = dixLookupResourceByType((pointer *) &msk, stuff->mask, RT_PIXMAP,
- client, DixReadAccess);
- if (rc != Success) {
- if (stuff->mask != None) {
+ if (src->drawable.depth != 1)
+ return (BadMatch);
+
+ /* Find and validate cursor mask pixmap, if one is provided */
+ if (stuff->mask != None) {
+ rc = dixLookupResourceByType((pointer *) &msk, stuff->mask, RT_PIXMAP,
+ client, DixReadAccess);
+ if (rc != Success) {
client->errorValue = stuff->mask;
return rc;
}
+
+ if (src->drawable.width != msk->drawable.width
+ || src->drawable.height != msk->drawable.height
+ || src->drawable.depth != 1 || msk->drawable.depth != 1)
+ return BadMatch;
}
- else if (src->drawable.width != msk->drawable.width
- || src->drawable.height != msk->drawable.height
- || src->drawable.depth != 1 || msk->drawable.depth != 1)
- return BadMatch;
+ else
+ msk = NULL;
width = src->drawable.width;
height = src->drawable.height;
--
1.8.4
-------------- next part --------------
>From 2bd145cb6aa6ab406bf1c8a0775d9d470675efa1 Mon Sep 17 00:00:00 2001
From: Thomas Klausner <wiz at NetBSD.org>
Date: Wed, 4 Sep 2013 20:06:07 +0200
Subject: [PATCH:xserver 2/2] Fix typo in configure warning.
Signed-off-by: Thomas Klausner <wiz at NetBSD.org>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index d27ca23..5159420 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,7 +47,7 @@ XORG_WITH_XSLTPROC
XORG_ENABLE_UNIT_TESTS
XORG_LD_WRAP([optional])
-m4_ifndef([XORG_FONT_MACROS_VERSION], [m4_fatal([must install fontutil 1.1 or later before running autoconf/autogen])])
+m4_ifndef([XORG_FONT_MACROS_VERSION], [m4_fatal([must install font-util 1.1 or later before running autoconf/autogen])])
XORG_FONT_MACROS_VERSION(1.1)
dnl this gets generated by autoheader, and thus contains all the defines. we
--
1.8.4
More information about the xorg-devel
mailing list