[PATCH xserver] was: Re: Two long-standing server bugs
Peter Hutterer
peter.hutterer at who-t.net
Wed Sep 4 20:47:35 PDT 2013
On Wed, Sep 04, 2013 at 02:25:02PM -0400, Jasper St. Pierre wrote:
> Reviewed-by: Jasper St. Pierre <jstpierre at mecheye.net>
thanks for the review and the patch. merged into my tree, will be upstream
soon.
Cheers,
Peter
>
>
> On Wed, Sep 4, 2013 at 2:09 PM, Thomas Klausner <wiz at netbsd.org> wrote:
>
> > On Wed, Sep 04, 2013 at 11:13:14AM -0400, Jasper St. Pierre wrote:
> > > Yeah, this is how I would write it.
> > >
> > > Can you provide a patch, Alan?
> >
> > I tried to make the code match Alan's suggestion, attached.
> >
> > While there, I fixed a typo in the configure.ac script, also attached.
> > Thomas
> >
> > >
> > > On Wed, Sep 4, 2013 at 2:30 AM, Alan Coopersmith <
> > > alan.coopersmith at oracle.com> wrote:
> > >
> > > > On 09/ 3/13 11:05 PM, Peter Hutterer wrote:
> > > > >> From 8057fc810fb2815ea4c069ac9c1bc77709afb778 Mon Sep 17 00:00:00
> > 2001
> > > > >> From: Thomas Klausner <wiz at NetBSD.org>
> > > > >> Date: Tue, 3 Sep 2013 09:44:18 +0200
> > > > >> Subject: [PATCH:xserver] Fix bug in cursor handling.
> > > > >>
> > > > >> CreateCursor (Xlib call XCreatePixmapCursor) with a non-bitmap
> > > > >> source pixmap and a None mask is supposed to error out with
> > BadMatch,
> > > > >> but didn't.
> > > > >>
> > > > >> From der Mouse <mouse at Rodents-Montreal.ORG>
> > > > >>
> > > > >> Signed-off-by: Thomas Klausner <wiz at NetBSD.org>
> > > > >> ---
> > > > >> dix/dispatch.c | 5 ++++-
> > > > >> 1 file changed, 4 insertions(+), 1 deletion(-)
> > > > >>
> > > > >> diff --git a/dix/dispatch.c b/dix/dispatch.c
> > > > >> index 51d0de2..ae3b97b 100644
> > > > >> --- a/dix/dispatch.c
> > > > >> +++ b/dix/dispatch.c
> > > > >> @@ -2874,9 +2874,12 @@ ProcCreateCursor(ClientPtr client)
> > > > >> }
> > > > >> else if (src->drawable.width != msk->drawable.width
> > > > >> || src->drawable.height != msk->drawable.height
> > > > >> - || src->drawable.depth != 1 || msk->drawable.depth !=
> > 1)
> > > > >> + || msk->drawable.depth != 1)
> > > > >> return BadMatch;
> > > > >>
> > > > >> + if (src->drawable.depth != 1)
> > > > >> + return (BadMatch);
> > > > >> +
> > > > >
> > > > > I'm staring hard at this and struggling to see the change. The
> > previous
> > > > code
> > > > > already returned BadMatch for a src depth of != 1.
> > > >
> > > > I couldn't see it from the patch either, but a little more context than
> > > > the patch
> > > > includes helps:
> > > >
> > > > 2867 rc = dixLookupResourceByType((pointer *) &msk, stuff->mask,
> > > > RT_PIXMAP,
> > > > 2868 client, DixReadAccess);
> > > > 2869 if (rc != Success) {
> > > > 2870 if (stuff->mask != None) {
> > > > 2871 client->errorValue = stuff->mask;
> > > > 2872 return rc;
> > > > 2873 }
> > > > 2874 }
> > > > 2875 else if (src->drawable.width != msk->drawable.width
> > > > 2876 || src->drawable.height != msk->drawable.height
> > > > 2877 || src->drawable.depth != 1 ||
> > msk->drawable.depth !=
> > > > 1)
> > > > 2878 return BadMatch;
> > > >
> > > > So if stuff->mask is None, we do a resource lookup for a pixmap with
> > that
> > > > id,
> > > > which should fail, since it's None (aka 0).
> > > >
> > > > Thus we gp into the check at 2869, but don't match the if at 2870, so
> > don't
> > > > return. Since 2875 is the else clause for the if we already went
> > into, we
> > > > skip over all those checks.
> > > >
> > > > The patch moves the src->drawable.depth check out of the else clause so
> > > > it's
> > > > always checked, not just in the (rc == Success) case for the mask
> > pixmap
> > > > lookup.
> > > > It could even be moved up above the lookup of the mask pixmap, since it
> > > > only
> > > > checks against the cursor image pixmap.
> > > >
> > > > I'm not sure if there's ever a reason to try to lookup a mask id of
> > None,
> > > > otherwise this might be easier to follow as:
> > > >
> > > > /* Find and validate cursor image pixmap */
> > > > rc = dixLookupResourceByType((pointer *) &src, stuff->source,
> > > > RT_PIXMAP,
> > > > client, DixReadAccess);
> > > > if (rc != Success) {
> > > > client->errorValue = stuff->source;
> > > > return rc;
> > > > }
> > > >
> > > > if (src->drawable.depth != 1)
> > > > return (BadMatch);
> > > >
> > > > /* Find and validate cursor mask pixmap, if one is provided */
> > > > if (stuff->mask != None) {
> > > > rc = dixLookupResourceByType((pointer *) &msk, stuff->mask,
> > > > RT_PIXMAP,
> > > > client, DixReadAccess);
> > > > if (rc != Success) {
> > > > client->errorValue = stuff->mask;
> > > > return rc;
> > > > }
> > > >
> > > > if (src->drawable.width != msk->drawable.width
> > > > || src->drawable.height != msk->drawable.height
> > > > || msk->drawable.depth != 1)
> > > > return BadMatch;
> > > > }
> > > > else
> > > > msk = NULL;
> > > >
> > > >
> > > > --
> > > > -Alan Coopersmith- alan.coopersmith at oracle.com
> > > > Oracle Solaris Engineering - http://blogs.oracle.com/alanc
> > > > _______________________________________________
> > > > xorg-devel at lists.x.org: X.Org development
> > > > Archives: http://lists.x.org/archives/xorg-devel
> > > > Info: http://lists.x.org/mailman/listinfo/xorg-devel
> > > >
> > >
> > >
> > >
> > > --
> > > Jasper
> >
>
>
>
> --
> Jasper
More information about the xorg-devel
mailing list