xorg-server: Changes to 'debian-unstable'

To: debian-x@lists.debian.org
Subject: xorg-server: Changes to 'debian-unstable'
From: Julien Cristau <jcristau@alioth.debian.org>
Date: Thu, 13 Nov 2008 22:13:03 +0000
Message-id: <[🔎] E1L0kQx-0007G1-Rm@alioth.debian.org>

 debian/changelog                          |    8 ++++++
 debian/patches/54_more-sanity-checks.diff |   40 ++++++++++++++++++++++++++++++
 debian/patches/series                     |    1 
 hw/xfree86/common/xf86Xinput.c            |    6 ++--
 4 files changed, 52 insertions(+), 3 deletions(-)

New commits:
commit 208daed7e6101cdc711e2705acf1b87952c1361c
Author: Julien Cristau <jcristau@debian.org>
Date:   Thu Nov 13 23:05:53 2008 +0100

    more sanity checks to stop vmmouse from segfaulting the server
    
    Patch stolen from Fedora (closes: #503459).

diff --git a/debian/changelog b/debian/changelog
index 2a80059..485fdf1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 xorg-server (2:1.4.2-9) UNRELEASED; urgency=low
 
   * Cherry-pick patches from upstream to make xf86ScaleAxis() work correctly.
+  * Steal patch from Fedora: more sanity checks to stop vmmouse from
+    segfaulting the server (closes: #503459).
 
  -- Julien Cristau <jcristau@debian.org>  Thu, 13 Nov 2008 22:48:41 +0100
 
diff --git a/debian/patches/54_more-sanity-checks.diff b/debian/patches/54_more-sanity-checks.diff
new file mode 100644
index 0000000..302b7d8
--- /dev/null
+++ b/debian/patches/54_more-sanity-checks.diff
@@ -0,0 +1,40 @@
+From 30c077f228f563e4e1f4115b345577d9fd393b68 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@redhat.com>
+Date: Fri, 24 Oct 2008 15:06:49 +1030
+Subject: [PATCH] dix: extra sanity-checks against potential NULL-dereferences. #434807
+
+Two minor code paths could potentially crash the server:
+- if scr is NULL, we shouldn't try to dereference it.
+- if GPE is called with buttons != 0 but the event is not a
+  ButtonPress or ButtonRelease, the button mapping may dereference a NULL
+  pointer.
+
+Admittedly the second should never happen, but better to guard against it.
+---
+ dix/getevents.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+Index: xorg-server/dix/getevents.c
+===================================================================
+--- xorg-server.orig/dix/getevents.c
++++ xorg-server/dix/getevents.c
+@@ -535,6 +535,9 @@
+     ScreenPtr scr = miPointerGetScreen(pDev);
+ 
+     /* Sanity checks. */
++    if (!scr)
++        return 0;
++
+     if (type != MotionNotify && type != ButtonPress && type != ButtonRelease)
+         return 0;
+ 
+@@ -546,6 +549,9 @@
+     if (!pDev->valuator)
+         return 0;
+ 
++    if (buttons && !pDev->button)
++        return 0;
++
+     if (!coreOnly && pDev->coreEvents)
+         num_events = 2;
+     else
diff --git a/debian/patches/series b/debian/patches/series
index 5c1b515..25604c9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,6 +27,7 @@
 51_xevie-length.diff
 52_xevie-swap-replies.diff
 53_Properly-initialize-io.pi_sel.pc_domain-on-kfreebsd.patch
+54_more-sanity-checks.diff
 91_ttf2pt1
 91_ttf2pt1_updates
 92_xprint-security-holes-fix.patch

commit 91e635e045fd24f486859c95c53589f306a483e7
Author: Julien Cristau <jcristau@debian.org>
Date:   Thu Nov 13 22:49:08 2008 +0100

    update changelog

diff --git a/debian/changelog b/debian/changelog
index 0137782..2a80059 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg-server (2:1.4.2-9) UNRELEASED; urgency=low
+
+  * Cherry-pick patches from upstream to make xf86ScaleAxis() work correctly.
+
+ -- Julien Cristau <jcristau@debian.org>  Thu, 13 Nov 2008 22:48:41 +0100
+
 xorg-server (2:1.4.2-8) unstable; urgency=low
 
   * Add patch from Petr Salinger to fix PCI domain support on kfreebsd

commit 7bb02196971f038204aded1b8971315b4b2373e0
Author: Peter Hutterer <peter.hutterer@redhat.com>
Date:   Thu Oct 30 16:02:13 2008 +1030

    xfree86: fix xf86ScaleAxis once again.
    
    Maybe one day I stop doing stupid patches like
    a3a7c12fcf8e4ac1418f9ea53f76091f309a721b.
    
    So, if X < low, reset to low, and _not_ to high.
    If X > high, reset to high, and _not_ to low.
    (cherry picked from commit 4ce19b4477057a724b548e342d4c6da2b6721824)

diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
index 23021b3..d8b05ab 100644
--- a/hw/xfree86/common/xf86Xinput.c
+++ b/hw/xfree86/common/xf86Xinput.c
@@ -738,9 +738,9 @@ xf86ScaleAxis(int	Cx,
     }
     
     if (X > Sxhigh)
-	X = Sxlow;
-    if (X < Sxlow)
 	X = Sxhigh;
+    if (X < Sxlow)
+	X = Sxlow;
     
     return (X);
 }

commit 068e68e206223aef2b6b85fc9b2468589645298a
Author: Peter Hutterer <peter@cs.unisa.edu.au>
Date:   Sun Jun 8 23:38:45 2008 +0930

    xfree86: Fix up xf86ScaleAxis
    
    Some driver still call it, so we might as well work correctly. Always
    resetting X to the Sxhigh is sub-optimal.
    (cherry picked from commit a3a7c12fcf8e4ac1418f9ea53f76091f309a721b)

diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
index ca2be5c..23021b3 100644
--- a/hw/xfree86/common/xf86Xinput.c
+++ b/hw/xfree86/common/xf86Xinput.c
@@ -737,9 +737,9 @@ xf86ScaleAxis(int	Cx,
 	ErrorF ("Divide by Zero in xf86ScaleAxis");
     }
     
-    if (X > Sxlow)
+    if (X > Sxhigh)
 	X = Sxlow;
-    if (X < Sxhigh)
+    if (X < Sxlow)
 	X = Sxhigh;
     
     return (X);

Reply to:

Prev by Date: Bug#505588: xserver-xorg-input-evdev: Middle click is send when changing from console to X
Next by Date: Processed: Re: Bug#503459: xserver-xorg-input-vmmouse: activating vmmouse lets X server die on startup
Previous by thread: xorg-server: Changes to 'debian-unstable'
Next by thread: xorg-server: Changes to 'debian-unstable'
Index(es):
- Date
- Thread