xorg-server: Changes to 'debian-unstable'



 ChangeLog                       |  279 ++++++++++++++++++++++++++++++++++++++++
 Xext/xace.c                     |  170 ++++++++++--------------
 debian/changelog                |   10 +
 debian/rules                    |    2 
 doc/Xserver.man.pre             |   26 +--
 exa/exa_classic.c               |    3 
 fb/fbbits.h                     |    2 
 hw/xfree86/common/xf86RandR.c   |    4 
 hw/xfree86/ddc/interpret_edid.c |    2 
 hw/xfree86/parser/Input.c       |    7 -
 os/access.c                     |   14 +-
 render/render.c                 |    8 +
 xkb/xkbUtils.c                  |    4 
 13 files changed, 405 insertions(+), 126 deletions(-)

New commits:
commit 075b992f33456261852599171c41272baed458b9
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Aug 24 16:04:08 2010 +0200

    Prepare changelog for upload

diff --git a/debian/changelog b/debian/changelog
index b41d8ce..3500ddd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-xorg-server (2:1.7.7-4) UNRELEASED; urgency=low
+xorg-server (2:1.7.7-4) unstable; urgency=low
 
   * Set default xkb rules to evdev on linux, to work around a wrong default in
     configure.ac and an Xorg issue where it reverts to the default on reset.
@@ -6,7 +6,7 @@ xorg-server (2:1.7.7-4) UNRELEASED; urgency=low
   * Pull from server-1.7-nominations (commit 4c313472)
     - fb: make isClipped always reject negative coordinates (closes: #320627)
 
- -- Julien Cristau <jcristau@debian.org>  Tue, 24 Aug 2010 14:51:54 +0200
+ -- Julien Cristau <jcristau@debian.org>  Tue, 24 Aug 2010 16:03:30 +0200
 
 xorg-server (2:1.7.7-3) unstable; urgency=low
 

commit 5d6d43886a25ce9afe62782f4e2a39356b17f1df
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Aug 24 15:30:36 2010 +0200

    Update changelogs

diff --git a/ChangeLog b/ChangeLog
index 55f6608..0d9747d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,282 @@
+commit 4c313472c45de171efb76231e7c7f323aa4eda3f
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Thu May 20 17:56:26 2010 -0700
+
+    Xserver(1) man page updates
+    
+    - Note that -br is now default.
+    - Move -bs after -br for alphabetical ordering.
+    - Remove -config option that's been hidden in "ignore" section,
+      since ajax removed the -config code a couple years back.
+    - Add -nocursor option.
+    - Add xinput & xrandr to list of runtime server control programs
+    - Replace XDarwin with Xquartz in list of Xservers
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+    Reviewed-by: Adam Jackson <ajax@redhat.com>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 7b09335a46f9428141811230c69eef7968531359)
+
+commit 7787526a715a3179085bdc70110f5102a02706e3
+Author: Simon Farnsworth <simon.farnsworth@onelan.com>
+Date:   Tue Jun 22 10:13:30 2010 +0100
+
+    Don't crash when asked if a client that has disconnected was local
+    
+    ProcDRI2Dispatch uses LocalClient to determine if it's safe to respond
+    to a client that has made DRI2 requests which aren't sensible for
+    remote clients (anything but version). When the client has disappeared
+    mid-request stream (e.g. as a result of a kill -9, or a client-side
+    bug), LocalClient causes the X server to follow suit, as
+    ((OsCommPtr)client->osPrivate)->trans_conn is NULL at this point.
+    
+    The simple and obvious fix is to just return "not local" when
+    trans_conn is NULL, which fixes the crash I was seeing; however Keith
+    Packard pointed out that just checking trans_conn isn't enough;
+    quoting Keith:
+    
+    "This looks almost right to me -- I reviewed the os code to see when
+    _XSERVTransClose is called (which is what frees the trans_conn data) and
+    found that every place which called that immediately set trans_conn to
+    NULL, except for the call in CloseDownFileDescriptor which is only
+    called from CloseDownConnection and which is immediately followed by
+    freeing the OsCommRec and setting client->osPrivate to NULL. So, I'd
+    suggest checking client->osPrivate in addition to the above check."
+    
+    Signed-off-by: Simon Farnsworth <simon.farnsworth@onelan.com>
+    Reviewed-by: Keith Packard <keithp@keithp.com>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 660f6ab5494a728c3ca7ba00c305e9ff06c8ecb2)
+
+commit e1cf1e88bb527d48f7bdea5fc0091a1bd651acec
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date:   Thu Apr 29 18:45:34 2010 -0700
+
+    Fix compiler issues with getifaddrs() call on OpenSolaris
+    
+    OpenSolaris recently added support for the getifaddrs() API.
+    
+    Building with that uncovered two compiler issues (one warning, one error)
+    in the code that was now being built for the first time in our builds:
+    
+    "access.c", line 768: warning: argument #1 is incompatible with prototype:
+            prototype: pointer to struct sockaddr {unsigned short sa_family, array[14] of char sa_data} : "access.c", line 213
+            argument : pointer to struct sockaddr_storage {unsigned short ss_family, array[6] of char _ss_pad1, double _ss_align, array[240] of char _ss_pad2}
+    
+    "access.c", line 838: assignment type mismatch:
+            struct sockaddr {unsigned short sa_family, array[14] of char sa_data} "=" struct sockaddr_storage {unsigned short ss_family, array[6] of char _ss_pad1, double _ss_align, array[240] of char _ss_pad2}
+    
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+    Reviewed-by: Jamey Sharp <jamey@minilop.net>
+    (cherry picked from commit e42a29d269fadc11e065c63ee369e3165196f2d7)
+
+commit c4717321c01678209ea5c7215d31556f6eadb798
+Author: Jesse Adkins <jesserayadkins@gmail.com>
+Date:   Wed Aug 4 23:39:14 2010 -0700
+
+    xfree86: parser: Never use constant strings for driver names (fixes #17438)
+    
+    When the parser sees the "keyboard" driver, it automatically (and
+     silently) replaces it with the constant string "kbd".
+    Everybody else uses malloc'd memory for the driver name, so input
+     device closure assumes it can use free.
+    Free val.str, so this crash doesn't turn into a memory leak. Whew.
+    
+    Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
+    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+    (cherry picked from commit bce12f2956f23c0ee53f7f6485dba631293a0931)
+
+commit 7c544986656713b5bbdb936bb7c3cb5a83d9f833
+Author: Keith Packard <keithp@keithp.com>
+Date:   Fri Aug 20 10:01:48 2010 -0700
+
+    fb: make isClipped always reject negative coordinates (bug 11503)
+    
+    A window with either dimension > 32767 can be positioned such that
+    coordinates > 32767 are visible on the screen. Attempts to draw to
+    those pixels will generate coordinates wrapped around to negative
+    values.
+    
+    The optimized clipping macro, 'isClipped', in fbbits.h, computes
+    clipping in window space rather than screen space using int16 values,
+    and so it too has coordinates wrapped around to negative values and
+    hence ends up accepting the wrapped drawing coordinates.
+    
+    Two possible fixes for this problem
+    
+     1) Detect wrapped region coordinates and clip those to 32767.
+     2) Detect negative incoming coordinates and reject those
+    
+    This patch takes the second approach as it is much shorter, simply
+    detecting when either X or Y incoming coordinate is negative, which
+    can never be 'within' any drawable.
+    
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    Reviewed-by: Adam Jackson <ajax@redhat.com>
+    (cherry picked from commit 3e56efcfb63677cd8574e1e435e61d96f79ea536)
+
+commit f43e105ee8741c8be49a602b08752f2390f094f7
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date:   Fri Aug 20 13:51:04 2010 +0100
+
+    edid: Adjust rounding of max_clock
+    
+    A simple hack to accommodate various EDID who have detailed modes that
+    exceed the EDID's max pixel clock. The pixel clock is only defined in
+    units of 10MHz and often appears as the maximum pixel code of the
+    detailed modes, rounded to the nearest 10MHz. Adjusting the max_clock to
+    include an extra 5MHz prevents the parser from rejecting the detailed
+    modes.
+    
+    The kernel uses the same fuzz and by including it in X we can use the
+    same modes in X as for the console.
+    
+    Fixes:
+    
+      Bug 23833 - X uses different refresh rate to that set by kernel module
+      https://bugs.freedesktop.org/show_bug.cgi?id=23833
+    
+    In the future, we will want to try harder to keep the KMS modes but at
+    the same time we need to apply the restrictions as specified by the
+    user's configuration, and need to fill in modes for fullscreen games on
+    fixed-mode panels.
+    
+    Reported-and-tested-by: Fabio Pedretti <fabio.ped@libero.it>
+    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+    Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 951605b4660290044fb238bcf1d6d9e498567e8c)
+
+commit d5248f036470150bd68148755b47abbbae3bfb33
+Author: Adam Jackson <ajax@redhat.com>
+Date:   Mon Jun 28 18:08:50 2010 -0400
+
+    render: Bounds check for nglyphs in ProcRenderAddGlyphs (#28801)
+    
+    Signed-off-by: Adam Jackson <ajax@redhat.com>
+    Reviewed-by: Julien Cristau <jcristau@debian.org>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 5725849a1b427cd4a72b84e57f211edb35838718)
+
+commit 845f0bb1b941e770d88c40afe029e2fedd8655d9
+Author: Chris Wilson <chris@chris-wilson.co.uk>
+Date:   Tue Aug 10 19:30:20 2010 +0100
+
+    xace: Invalid reference to out-of-scope data.
+    
+    The callback data passed by reference to the hook was allocated on stack
+    within the scope of the case statement. The compiler is free to reuse
+    any of that stack space whilst making the function call so we may end up
+    passing garbage into the callback.
+    
+    References:
+    
+      Bug 18451 - Xorg server 1.5.2 SEGV during XFixesGetCursorImage()
+      https://bugs.freedesktop.org/show_bug.cgi?id=18451
+    
+    v2: Drop the unrelated hunk that snuck in when ammending the commit
+    message.
+    
+    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+    Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 6dae7f3792611aace1df0cca63bf50c50d93de43)
+
+commit f07fc1461d38c8228d1bacf3d19932cac7bacddd
+Author: Peter Hutterer <peter.hutterer@who-t.net>
+Date:   Fri Jun 11 10:12:52 2010 +1000
+
+    xkb: fix invalid memory writes in _XkbCopyGeom.
+    
+    Classic strlen/strcpy mistake of
+       foo = malloc(strlen(bar));
+       strcpy(foo, bar);
+    
+    Testcase: valgrind Xephyr :1
+    
+    ==8591== Invalid write of size 1
+    ==8591==    at 0x4A0638F: strcpy (mc_replace_strmem.c:311)
+    ==8591==    by 0x605593: _XkbCopyGeom (xkbUtils.c:1994)
+    ==8591==    by 0x605973: XkbCopyKeymap (xkbUtils.c:2118)
+    ==8591==    by 0x6122B3: InitKeyboardDeviceStruct (xkbInit.c:560)
+    ==8591==    by 0x4472E2: CoreKeyboardProc (devices.c:577)
+    ==8591==    by 0x447162: ActivateDevice (devices.c:530)
+    ==8591==    by 0x4475D6: InitCoreDevices (devices.c:672)
+    ==8591==    by 0x4449EE: main (main.c:254)
+    ==8591==  Address 0x6f96505 is 0 bytes after a block of size 53 alloc'd
+    ==8591==    at 0x4A0515D: malloc (vg_replace_malloc.c:195)
+    ==8591==    by 0x6054B7: _XkbCopyGeom (xkbUtils.c:1980)
+    ==8591==    by 0x605973: XkbCopyKeymap (xkbUtils.c:2118)
+    ==8591==    by 0x6122B3: InitKeyboardDeviceStruct (xkbInit.c:560)
+    ==8591==    by 0x4472E2: CoreKeyboardProc (devices.c:577)
+    ==8591==    by 0x447162: ActivateDevice (devices.c:530)
+    ==8591==    by 0x4475D6: InitCoreDevices (devices.c:672)
+    ==8591==    by 0x4449EE: main (main.c:254)
+    
+    Reported-by: Dave Airlie <airlied@redhat.com>
+    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+    Reviewed-by-and-apologised-for: Daniel Stone <daniel@fooishbar.org>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 7f19a7a6e90a4fd7b7ec0256974f62e575218541)
+    
+    Conflicts:
+    
+    	xkb/xkbUtils.c
+    (cherry picked from commit f85552aa452d5f575fee9f6031a33ca79bdc3cc8)
+    
+    Signed-off-by: Julien Cristau <jcristau@debian.org>
+
+commit b9638391394d1f4797b5421fa4ccbe9d194eee5a
+Author: Pierre-Loup A. Griffais <pgriffais@nvidia.com>
+Date:   Wed Apr 21 18:11:05 2010 -0700
+
+    xf86: Don't crash when switching modes through RandR without owning the VT.
+    
+    While VT-switched, FB access is disabled and should remain so. Trying to switch
+    modes in that state would re-enable it, potentially causing crashes if trying
+    to access it before the driver has recovered from the mode switch.
+    
+    Signed-off-by: Pierre-Loup A. Griffais <pgriffais@nvidia.com>
+    Reviewed-by: Adam Jackson <ajax@redhat.com>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 41bdb6c003cca3ef0ff88d9c7de318115bab1ba2)
+    
+    Signed-off-by: Julien Cristau <jcristau@debian.org>
+
+commit 5154dede3d53151f4bed43b0e1626abf64b91fc5
+Author: Éric Piel <E.A.B.Piel@tudelft.nl>
+Date:   Fri Jun 11 09:16:32 2010 -0700
+
+    exa: fix ExaCheckCopyNtoN for exa_classic when source = dest
+    
+    In case you want to copy a region with source = dest, you have the same pixmap
+    as source and dest.
+    
+    At the end of exaPixmapIsOffscreen_classic() the devPrivate.ptr is reset to
+    NULL (look at the sources).
+    
+    Now this is what happens in ExaCheckCopyNtoN:
+    
+    exaPrepareAccess( pDst );
+       Calls IsOffscreen()
+          sets devPrivate.ptr to NULL
+       sets up devPrivate.ptr to real pointer
+       Everything OK
+    exaPrepareAccess( pSrc );
+       Calls IsOffscreen()
+          sets devPrivate.ptr to NULL
+       BAILS OUT CAUSE OF NESTED OPERATION SINCE DST EQUALS SRC
+    
+    We end up with devPrivate.ptr as NULL, and that is clearly wrong.
+    
+    In particular this fixes a segfault when using the psb driver (bug 28077)
+    
+    Signed-off-by: Éric Piel <eric.piel@tremplin-utc.net>
+    Reviewed-by: Michel Dänzer <michel@daenzer.net>
+    Signed-off-by: Keith Packard <keithp@keithp.com>
+    (cherry picked from commit 7e8f1001217326cc451974bacf25275420c4bb4e)
+
 commit f44ebbd3d52fa0dfdc51f6635721592b70affb6e
 Author: Cyril Brulebois <kibi@debian.org>
 Date:   Mon Mar 1 02:11:36 2010 +0100
diff --git a/debian/changelog b/debian/changelog
index ed0c9dc..b41d8ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ xorg-server (2:1.7.7-4) UNRELEASED; urgency=low
   * Set default xkb rules to evdev on linux, to work around a wrong default in
     configure.ac and an Xorg issue where it reverts to the default on reset.
     Thanks to Bastian Blank for the report.
+  * Pull from server-1.7-nominations (commit 4c313472)
+    - fb: make isClipped always reject negative coordinates (closes: #320627)
 
  -- Julien Cristau <jcristau@debian.org>  Tue, 24 Aug 2010 14:51:54 +0200
 
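Review bot: the entry added under "Pull from server-1.7-nominations (commit 4c313472)" lists only the fb isClipped fix, but the ChangeLog update in this same push shows that the pull also brings in "render: Bounds check for nglyphs in ProcRenderAddGlyphs (#28801)", "xkb: fix invalid memory writes in _XkbCopyGeom" and the LocalClient crash fix. Add a line for each of these so that someone reading the Debian changelog can see which memory-safety fixes this upload carries.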

commit 6674d622ca189405ca4a74d0c6ff8ecdb63bc8c4
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Aug 24 14:53:22 2010 +0200

    Set default xkb rules to evdev on linux
    
    Works around a wrong default in configure.ac and an Xorg issue where it
    reverts to the default on reset. Thanks to Bastian Blank for the report.

diff --git a/debian/changelog b/debian/changelog
index 68d5d50..ed0c9dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.7.7-4) UNRELEASED; urgency=low
+
+  * Set default xkb rules to evdev on linux, to work around a wrong default in
+    configure.ac and an Xorg issue where it reverts to the default on reset.
+    Thanks to Bastian Blank for the report.
+
+ -- Julien Cristau <jcristau@debian.org>  Tue, 24 Aug 2010 14:51:54 +0200
+
 xorg-server (2:1.7.7-3) unstable; urgency=low
 
   [ Julien Cristau ]
diff --git a/debian/rules b/debian/rules
index ec402ba..13f7a94 100755
--- a/debian/rules
+++ b/debian/rules
@@ -47,6 +47,7 @@ endif
 ifeq ($(DEB_HOST_ARCH_OS), linux)
 	build_xfbdev = --enable-xfbdev
 	selinux = --enable-xselinux
+	xkbrules = --with-default-xkb-rules=evdev
 else
 	build_xfbdev = --disable-xfbdev
 	selinux = --disable-xselinux
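Review bot: `xkbrules` is assigned only in the linux branch of this conditional, while the `else` branch sets `build_xfbdev` and `selinux` explicitly and leaves `xkbrules` unset. make imports environment variables as make variables, so a stray `xkbrules` in the build environment would reach configure on non-linux builds through `$(xkbrules)` in confflags. Add an empty `xkbrules =` to the `else` branch to match the other two variables.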
@@ -92,6 +93,7 @@ confflags += \
 	     --with-builderstring="$(SOURCE_NAME) $(SOURCE_VERSION) ($(BUILDER))" \
 	     --with-xkb-path=/usr/share/X11/xkb \
 	     --with-xkb-output=/var/lib/xkb \
+	     $(xkbrules) \
 	     --disable-builddocs \
 	     --disable-install-libxf86config \
 	     --disable-null-root-cursor \

commit 4c313472c45de171efb76231e7c7f323aa4eda3f
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu May 20 17:56:26 2010 -0700

    Xserver(1) man page updates
    
    - Note that -br is now default.
    - Move -bs after -br for alphabetical ordering.
    - Remove -config option that's been hidden in "ignore" section,
      since ajax removed the -config code a couple years back.
    - Add -nocursor option.
    - Add xinput & xrandr to list of runtime server control programs
    - Replace XDarwin with Xquartz in list of Xservers
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>
    (cherry picked from commit 7b09335a46f9428141811230c69eef7968531359)

diff --git a/doc/Xserver.man.pre b/doc/Xserver.man.pre
index 6154191..d225c26 100644
--- a/doc/Xserver.man.pre
+++ b/doc/Xserver.man.pre
@@ -100,12 +100,12 @@ specifies a file which contains a collection of authorization records used
 to authenticate access.  See also the \fIxdm\fP(1) and 
 \fIXsecurity\fP(__miscmansuffix__) manual pages.
 .TP 8
-.B \-bs
-disables backing store support on all screens.
-.TP 8
 .B \-br
 sets the default root window to solid black instead of the standard root weave
-pattern.
+pattern.   This is the default unless -retro or -wr is specified.
+.TP 8
+.B \-bs
+disables backing store support on all screens.
 .TP 8
 .B \-c
 turns off key-click.
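Review bot: in the sentence added to the `-br` entry, `-retro` and `-wr` are written with bare hyphens and no font change, while the surrounding entries write options as `\-name` in bold (`.B \-br`, `.B \-bs`). Use `\fB\-retro\fP` and `\fB\-wr\fP` so the options render with minus signs and match the rest of the page, and reduce the three spaces after "pattern." to the two used after sentence ends in the context lines.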
@@ -117,17 +117,6 @@ sets key-click volume (allowable range: 0-100).
 sets the visual class for the root window of color screens.
 The class numbers are as specified in the X protocol.
 Not obeyed by all servers.
-.ig
-.TP 8
-.B \-config \fIfilename\fP
-reads more options from the given file.  Options in the file may be separated
-by newlines if desired.  If a '#' character appears on a line, all characters
-between it and the next newline are ignored, providing a simple commenting
-facility.  The \fB\-config\fP option itself may appear in the file.
-.BR NOTE :
-This option is disabled when the Xserver is run with an effective uid
-different from the user's real uid.
-..
 .TP 8
 .B \-core
 causes the server to generate a core dump on fatal errors.
@@ -184,6 +173,9 @@ sets the maximum big request to
 .I size
 MB.
 .TP 8
+.B \-nocursor
+disable the display of the pointer cursor.
+.TP 8
 .B \-nolisten \fItrans-type\fP
 disables a transport type.  For example, TCP/IP connections can be disabled
 with
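Review bot: the description added for `\-nocursor` reads "disable the display of the pointer cursor", while the neighbouring entries are in the third person ("disables a transport type", "sets the maximum big request"). Change it to "disables the display of the pointer cursor." for consistency.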
@@ -584,11 +576,11 @@ Security: \fIXsecurity\fP(__miscmansuffix__), \fIxauth\fP(1), \fIXau\fP(1),
 Starting the server: \fIstartx\fP(1), \fIxdm\fP(1), \fIxinit\fP(1)
 .PP
 Controlling the server once started: \fIxset\fP(1), \fIxsetroot\fP(1),
-\fIxhost\fP(1)
+\fIxhost\fP(1), \fIxinput\fP(1), \fIxrandr\fP(1)
 .PP
 Server-specific man pages:
 \fIXorg\fP(1), \fIXdmx\fP(1), \fIXephyr\fP(1), \fIXnest\fP(1),
-\fIXvfb\fP(1), \fIXDarwin\fP(1), \fIXWin\fP(1).
+\fIXvfb\fP(1), \fIXquartz\fP(1), \fIXWin\fP(1).
 .PP
 Server internal documentation:
 .I "Definition of the Porting Layer for the X v11 Sample Server"

commit 7787526a715a3179085bdc70110f5102a02706e3
Author: Simon Farnsworth <simon.farnsworth@onelan.com>
Date:   Tue Jun 22 10:13:30 2010 +0100

    Don't crash when asked if a client that has disconnected was local
    
    ProcDRI2Dispatch uses LocalClient to determine if it's safe to respond
    to a client that has made DRI2 requests which aren't sensible for
    remote clients (anything but version). When the client has disappeared
    mid-request stream (e.g. as a result of a kill -9, or a client-side
    bug), LocalClient causes the X server to follow suit, as
    ((OsCommPtr)client->osPrivate)->trans_conn is NULL at this point.
    
    The simple and obvious fix is to just return "not local" when
    trans_conn is NULL, which fixes the crash I was seeing; however Keith
    Packard pointed out that just checking trans_conn isn't enough;
    quoting Keith:
    
    "This looks almost right to me -- I reviewed the os code to see when
    _XSERVTransClose is called (which is what frees the trans_conn data) and
    found that every place which called that immediately set trans_conn to
    NULL, except for the call in CloseDownFileDescriptor which is only
    called from CloseDownConnection and which is immediately followed by
    freeing the OsCommRec and setting client->osPrivate to NULL. So, I'd
    suggest checking client->osPrivate in addition to the above check."
    
    Signed-off-by: Simon Farnsworth <simon.farnsworth@onelan.com>
    Reviewed-by: Keith Packard <keithp@keithp.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>
    (cherry picked from commit 660f6ab5494a728c3ca7ba00c305e9ff06c8ecb2)

diff --git a/os/access.c b/os/access.c
index 3572da0..859f32e 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1123,6 +1123,11 @@ Bool LocalClient(ClientPtr client)
     pointer		addr;
     register HOST	*host;
 
+    if (!client->osPrivate)
+        return FALSE;
+    if (!((OsCommPtr)client->osPrivate)->trans_conn)
+        return FALSE;
+
     if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
 	&notused, &alen, &from))
     {
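Review bot: the two early returns added at the top of LocalClient carry no comment, and since this function answers an access-control question the reason for replying "not local" should be recorded in the code. A short comment stating that a NULL `osPrivate` or `trans_conn` means the connection is already being torn down, and that such a client is treated as remote, would keep a later cleanup from dropping either check. The cast `((OsCommPtr)client->osPrivate)` now appears twice within a few lines; a local `OsCommPtr` variable would let both checks and the `_XSERVTransGetPeerAddr` call share it.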

commit e1cf1e88bb527d48f7bdea5fc0091a1bd651acec
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu Apr 29 18:45:34 2010 -0700

    Fix compiler issues with getifaddrs() call on OpenSolaris
    
    OpenSolaris recently added support for the getifaddrs() API.
    
    Building with that uncovered two compiler issues (one warning, one error)
    in the code that was now being built for the first time in our builds:
    
    "access.c", line 768: warning: argument #1 is incompatible with prototype:
            prototype: pointer to struct sockaddr {unsigned short sa_family, array[14] of char sa_data} : "access.c", line 213
            argument : pointer to struct sockaddr_storage {unsigned short ss_family, array[6] of char _ss_pad1, double _ss_align, array[240] of char _ss_pad2}
    
    "access.c", line 838: assignment type mismatch:
            struct sockaddr {unsigned short sa_family, array[14] of char sa_data} "=" struct sockaddr_storage {unsigned short ss_family, array[6] of char _ss_pad1, double _ss_align, array[240] of char _ss_pad2}
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jamey Sharp <jamey@minilop.net>
    (cherry picked from commit e42a29d269fadc11e065c63ee369e3165196f2d7)

diff --git a/os/access.c b/os/access.c
index 74c340a..3572da0 100644
--- a/os/access.c
+++ b/os/access.c
@@ -765,7 +765,8 @@ DefineSelf (int fd)
 	    continue;
 #endif /* DNETCONN */
 	len = sizeof(*(ifr->ifa_addr));
-	family = ConvertAddr(ifr->ifa_addr, &len, (pointer *)&addr);
+	family = ConvertAddr((struct sockaddr *) ifr->ifa_addr, &len,
+			     (pointer *)&addr);
 	if (family == -1 || family == FamilyLocal) 
 	    continue;
 #if defined(IPv6) && defined(AF_INET6)
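Review bot: the cast added to the ConvertAddr call silences the prototype warning, but `len = sizeof(*(ifr->ifa_addr))` on the context line above it still takes its size from the declared type of `ifa_addr`. According to the compiler output quoted in the commit message, that type is `struct sockaddr_storage` on OpenSolaris, so `len` will be the storage size there rather than a `struct sockaddr` size. It is worth confirming that ConvertAddr relies only on the address family and not on the incoming `len`, or deriving `len` from the family instead.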
@@ -789,7 +790,6 @@ DefineSelf (int fd)
 	}
 #ifdef XDMCP
 	{
-	    struct sockaddr broad_addr;
 	    /*
 	     * If this isn't an Internet Address, don't register it.
 	     */
@@ -835,11 +835,10 @@ DefineSelf (int fd)
 	    if ((ifr->ifa_flags & IFF_BROADCAST) &&
 		(ifr->ifa_flags & IFF_UP) &&
                 ifr->ifa_broadaddr)
-		broad_addr = *ifr->ifa_broadaddr;
+		XdmcpRegisterBroadcastAddress(
+		    (struct sockaddr_in *) ifr->ifa_broadaddr);
 	    else
 		continue;
-	    XdmcpRegisterBroadcastAddress((struct sockaddr_in *)
-					  &broad_addr);
 	}
 #endif /* XDMCP */
 		

commit c4717321c01678209ea5c7215d31556f6eadb798
Author: Jesse Adkins <jesserayadkins@gmail.com>
Date:   Wed Aug 4 23:39:14 2010 -0700

    xfree86: parser: Never use constant strings for driver names (fixes #17438)
    
    When the parser sees the "keyboard" driver, it automatically (and
     silently) replaces it with the constant string "kbd".
    Everybody else uses malloc'd memory for the driver name, so input
     device closure assumes it can use free.
    Free val.str, so this crash doesn't turn into a memory leak. Whew.
    
    Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
    (cherry picked from commit bce12f2956f23c0ee53f7f6485dba631293a0931)

diff --git a/hw/xfree86/parser/Input.c b/hw/xfree86/parser/Input.c
index 4e3c04e..953215b 100644
--- a/hw/xfree86/parser/Input.c
+++ b/hw/xfree86/parser/Input.c
@@ -59,6 +59,7 @@
 #include <xorg-config.h>
 #endif
 
+#include "os.h"
 #include "xf86Parser.h"
 #include "xf86tokens.h"
 #include "Configint.h"
@@ -102,8 +103,10 @@ xf86parseInputSection (void)
 		case DRIVER:
 			if (xf86getSubToken (&(ptr->inp_comment)) != STRING)
 				Error (QUOTE_MSG, "Driver");
-                        if (strcmp(val.str, "keyboard") == 0)
-                            ptr->inp_driver = "kbd";
+                        if (strcmp(val.str, "keyboard") == 0) {
+                            ptr->inp_driver = strdup("kbd");
+                            free(val.str);
+                        }
                         else
 			    ptr->inp_driver = val.str;
 			break;
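Review bot: the result of `strdup("kbd")` in the `DRIVER` case is stored without a check, so an allocation failure leaves `ptr->inp_driver` NULL after `val.str` has already been freed. Check the return value and report a parse error on failure. A one-line comment that `inp_driver` must always be heap-allocated because input device closure frees it would also help, since the `else` branch depends on the same ownership rule when it hands over `val.str`.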

commit 7c544986656713b5bbdb936bb7c3cb5a83d9f833
Author: Keith Packard <keithp@keithp.com>
Date:   Fri Aug 20 10:01:48 2010 -0700

    fb: make isClipped always reject negative coordinates (bug 11503)
    
    A window with either dimension > 32767 can be positioned such that
    coordinates > 32767 are visible on the screen. Attempts to draw to
    those pixels will generate coordinates wrapped around to negative
    values.
    
    The optimized clipping macro, 'isClipped', in fbbits.h, computes
    clipping in window space rather than screen space using int16 values,
    and so it too has coordinates wrapped around to negative values and
    hence ends up accepting the wrapped drawing coordinates.
    
    Two possible fixes for this problem
    
     1) Detect wrapped region coordinates and clip those to 32767.
     2) Detect negative incoming coordinates and reject those
    
    This patch takes the second approach as it is much shorter, simply
    detecting when either X or Y incoming coordinate is negative, which
    can never be 'within' any drawable.
    
    Signed-off-by: Keith Packard <keithp@keithp.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    (cherry picked from commit 3e56efcfb63677cd8574e1e435e61d96f79ea536)

diff --git a/fb/fbbits.h b/fb/fbbits.h
index 44991f1..b8af785 100644
--- a/fb/fbbits.h
+++ b/fb/fbbits.h
@@ -25,7 +25,7 @@
  * underlying datatypes instead of masks
  */
 
-#define isClipped(c,ul,lr)  ((((c) - (ul)) | ((lr) - (c))) & 0x80008000)
+#define isClipped(c,ul,lr)  (((c) | ((c) - (ul)) | ((lr) - (c))) & 0x80008000)
 
 #ifdef HAVE_DIX_CONFIG_H
 #include <dix-config.h>
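Review bot: the macro gains a third term, `(c)`, with nothing in the file explaining it; the comment above still only talks about the datatype choice. Add a line stating that the mask `0x80008000` tests the sign bit of each 16-bit half of the packed coordinate, and that OR-ing in `(c)` itself rejects any point whose X or Y is negative, as the commit message describes. Note too that `c` is now expanded three times, so callers must pass an expression without side effects.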

commit f43e105ee8741c8be49a602b08752f2390f094f7
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Fri Aug 20 13:51:04 2010 +0100

    edid: Adjust rounding of max_clock
    
    A simple hack to accommodate various EDID who have detailed modes that
    exceed the EDID's max pixel clock. The pixel clock is only defined in
    units of 10MHz and often appears as the maximum pixel code of the
    detailed modes, rounded to the nearest 10MHz. Adjusting the max_clock to
    include an extra 5MHz prevents the parser from rejecting the detailed
    modes.
    
    The kernel uses the same fuzz and by including it in X we can use the
    same modes in X as for the console.
    
    Fixes:
    
      Bug 23833 - X uses different refresh rate to that set by kernel module
      https://bugs.freedesktop.org/show_bug.cgi?id=23833
    
    In the future, we will want to try harder to keep the KMS modes but at
    the same time we need to apply the restrictions as specified by the
    user's configuration, and need to fill in modes for fullscreen games on
    fixed-mode panels.
    
    Reported-and-tested-by: Fabio Pedretti <fabio.ped@libero.it>
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>
    (cherry picked from commit 951605b4660290044fb238bcf1d6d9e498567e8c)

diff --git a/hw/xfree86/ddc/interpret_edid.c b/hw/xfree86/ddc/interpret_edid.c
index 12a5254..f48ed52 100644
--- a/hw/xfree86/ddc/interpret_edid.c
+++ b/hw/xfree86/ddc/interpret_edid.c
@@ -385,7 +385,7 @@ get_monitor_ranges(Uchar *c, struct monitor_ranges *r)
     r->max_h = MAX_H;
     r->max_clock = 0;
     if(MAX_CLOCK != 0xff) /* is specified? */
-	r->max_clock = MAX_CLOCK * 10;
+	r->max_clock = MAX_CLOCK * 10 + 5;
     if (HAVE_2ND_GTF) {
 	r->gtf_2nd_f = F_2ND_GTF;
 	r->gtf_2nd_c = C_2ND_GTF;
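Review bot: the `+ 5` added to `r->max_clock` is a bare constant with no comment, and the existing comment on the line above only says "is specified?". The commit message explains it as a 5MHz allowance because the stored clock is rounded to 10MHz, and notes that the kernel applies the same fuzz; put that next to the assignment so the value is not later "corrected" back to `MAX_CLOCK * 10`.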

commit d5248f036470150bd68148755b47abbbae3bfb33
Author: Adam Jackson <ajax@redhat.com>
Date:   Mon Jun 28 18:08:50 2010 -0400

    render: Bounds check for nglyphs in ProcRenderAddGlyphs (#28801)
    
    Signed-off-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Julien Cristau <jcristau@debian.org>
    Signed-off-by: Keith Packard <keithp@keithp.com>
    (cherry picked from commit 5725849a1b427cd4a72b84e57f211edb35838718)

diff --git a/render/render.c b/render/render.c
index 3f7edf7..b78c75b 100644
--- a/render/render.c
+++ b/render/render.c
@@ -1085,6 +1085,14 @@ ProcRenderAddGlyphs (ClientPtr client)
     gi = (xGlyphInfo *) (gids + nglyphs);
     bits = (CARD8 *) (gi + nglyphs);
     remain -= (sizeof (CARD32) + sizeof (xGlyphInfo)) * nglyphs;
+
+    /* protect against bad nglyphs */
+    if (gi < stuff || gi > ((CARD32 *)stuff + client->req_len) ||
+        bits < stuff || bits > ((CARD32 *)stuff + client->req_len)) {
+        err = BadLength;
+        goto bail;
+    }
+
     for (i = 0; i < nglyphs; i++)
     {
 	size_t padded_width;
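Review bot: the new check in ProcRenderAddGlyphs runs after `gi = (xGlyphInfo *) (gids + nglyphs)` and `bits = (CARD8 *) (gi + nglyphs)` have already been computed from the client-supplied `nglyphs`, so it depends on out-of-range pointer arithmetic wrapping in a predictable way, which C does not guarantee and a compiler may optimise around. The `remain -= (sizeof (CARD32) + sizeof (xGlyphInfo)) * nglyphs` line above it can likewise wrap before anything is validated. Validate the count first, for example by rejecting `nglyphs` greater than `remain / (sizeof (CARD32) + sizeof (xGlyphInfo))` with BadLength before forming any pointer. The comparisons also mix `xGlyphInfo *` and `CARD8 *` with `stuff` and `CARD32 *` without casts, which may draw incompatible-pointer warnings.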

commit 845f0bb1b941e770d88c40afe029e2fedd8655d9
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Tue Aug 10 19:30:20 2010 +0100

    xace: Invalid reference to out-of-scope data.
    
    The callback data passed by reference to the hook was allocated on stack
    within the scope of the case statement. The compiler is free to reuse
    any of that stack space whilst making the function call so we may end up
    passing garbage into the callback.
    
    References:
    
      Bug 18451 - Xorg server 1.5.2 SEGV during XFixesGetCursorImage()
      https://bugs.freedesktop.org/show_bug.cgi?id=18451
    
    v2: Drop the unrelated hunk that snuck in when amending the commit
    message.
    
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>
    (cherry picked from commit 6dae7f3792611aace1df0cca63bf50c50d93de43)

diff --git a/Xext/xace.c b/Xext/xace.c
index bf0e98f..414eb4a 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -87,7 +87,18 @@ void XaceHookAuditEnd(ClientPtr ptr, int result)
  */
 int XaceHook(int hook, ...)
 {
-    pointer calldata;	/* data passed to callback */
+    union {
+	XaceResourceAccessRec res;
+	XaceDeviceAccessRec dev;
+	XaceSendAccessRec send;
+	XaceReceiveAccessRec recv;
+	XaceClientAccessRec client;
+	XaceExtAccessRec ext;
+	XaceServerAccessRec server;
+	XaceScreenAccessRec screen;
+	XaceAuthAvailRec auth;
+	XaceKeyAvailRec key;
+    } u;
     int *prv = NULL;	/* points to return value from callback */
     va_list ap;		/* argument list */
     va_start(ap, hook);
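Review bot: the new `union { ... } u;` at the top of XaceHook has no comment saying why the records live at function scope, which is the whole point of the fix; a one-line note that `u` must outlive the `switch` because its address is handed to CallCallbacks would stop a later cleanup from moving the records back into the case blocks. The union is also left uninitialized, so any field a case does not assign reaches the callback with whatever was on the stack; a `memset(&u, 0, sizeof(u))` before the `switch` would make that deterministic.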
@@ -99,117 +110,86 @@ int XaceHook(int hook, ...)
      */
     switch (hook)
     {
-	case XACE_RESOURCE_ACCESS: {
-	    XaceResourceAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.id = va_arg(ap, XID);
-	    rec.rtype = va_arg(ap, RESTYPE);
-	    rec.res = va_arg(ap, pointer);
-	    rec.ptype = va_arg(ap, RESTYPE);
-	    rec.parent = va_arg(ap, pointer);
-	    rec.access_mode = va_arg(ap, Mask);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_RESOURCE_ACCESS:
+	    u.res.client = va_arg(ap, ClientPtr);
+	    u.res.id = va_arg(ap, XID);
+	    u.res.rtype = va_arg(ap, RESTYPE);
+	    u.res.res = va_arg(ap, pointer);
+	    u.res.ptype = va_arg(ap, RESTYPE);
+	    u.res.parent = va_arg(ap, pointer);
+	    u.res.access_mode = va_arg(ap, Mask);
+	    u.res.status = Success; /* default allow */
+	    prv = &u.res.status;
 	    break;
-	}
-	case XACE_DEVICE_ACCESS: {
-	    XaceDeviceAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.dev = va_arg(ap, DeviceIntPtr);
-	    rec.access_mode = va_arg(ap, Mask);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_DEVICE_ACCESS:
+	    u.dev.client = va_arg(ap, ClientPtr);
+	    u.dev.dev = va_arg(ap, DeviceIntPtr);
+	    u.dev.access_mode = va_arg(ap, Mask);
+	    u.dev.status = Success; /* default allow */
+	    prv = &u.dev.status;
 	    break;
-	}
-	case XACE_SEND_ACCESS: {
-	    XaceSendAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.dev = va_arg(ap, DeviceIntPtr);
-	    rec.pWin = va_arg(ap, WindowPtr);
-	    rec.events = va_arg(ap, xEventPtr);
-	    rec.count = va_arg(ap, int);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_SEND_ACCESS:
+	    u.send.client = va_arg(ap, ClientPtr);
+	    u.send.dev = va_arg(ap, DeviceIntPtr);
+	    u.send.pWin = va_arg(ap, WindowPtr);
+	    u.send.events = va_arg(ap, xEventPtr);
+	    u.send.count = va_arg(ap, int);
+	    u.send.status = Success; /* default allow */
+	    prv = &u.send.status;
 	    break;
-	}
-	case XACE_RECEIVE_ACCESS: {
-	    XaceReceiveAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.pWin = va_arg(ap, WindowPtr);
-	    rec.events = va_arg(ap, xEventPtr);
-	    rec.count = va_arg(ap, int);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_RECEIVE_ACCESS:
+	    u.recv.client = va_arg(ap, ClientPtr);
+	    u.recv.pWin = va_arg(ap, WindowPtr);
+	    u.recv.events = va_arg(ap, xEventPtr);
+	    u.recv.count = va_arg(ap, int);
+	    u.recv.status = Success; /* default allow */
+	    prv = &u.recv.status;
 	    break;
-	}
-	case XACE_CLIENT_ACCESS: {
-	    XaceClientAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.target = va_arg(ap, ClientPtr);
-	    rec.access_mode = va_arg(ap, Mask);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_CLIENT_ACCESS:
+	    u.client.client = va_arg(ap, ClientPtr);
+	    u.client.target = va_arg(ap, ClientPtr);
+	    u.client.access_mode = va_arg(ap, Mask);
+	    u.client.status = Success; /* default allow */
+	    prv = &u.client.status;
 	    break;
-	}
-	case XACE_EXT_ACCESS: {
-	    XaceExtAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.ext = va_arg(ap, ExtensionEntry*);
-	    rec.access_mode = DixGetAttrAccess;
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_EXT_ACCESS:
+	    u.ext.client = va_arg(ap, ClientPtr);
+	    u.ext.ext = va_arg(ap, ExtensionEntry*);
+	    u.ext.access_mode = DixGetAttrAccess;
+	    u.ext.status = Success; /* default allow */
+	    prv = &u.ext.status;
 	    break;
-	}
-	case XACE_SERVER_ACCESS: {
-	    XaceServerAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.access_mode = va_arg(ap, Mask);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_SERVER_ACCESS:
+	    u.server.client = va_arg(ap, ClientPtr);
+	    u.server.access_mode = va_arg(ap, Mask);
+	    u.server.status = Success; /* default allow */
+	    prv = &u.server.status;
 	    break;
-	}
 	case XACE_SCREEN_ACCESS:
-	case XACE_SCREENSAVER_ACCESS: {
-	    XaceScreenAccessRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.screen = va_arg(ap, ScreenPtr);
-	    rec.access_mode = va_arg(ap, Mask);
-	    rec.status = Success; /* default allow */
-	    calldata = &rec;
-	    prv = &rec.status;
+	case XACE_SCREENSAVER_ACCESS:
+	    u.screen.client = va_arg(ap, ClientPtr);
+	    u.screen.screen = va_arg(ap, ScreenPtr);
+	    u.screen.access_mode = va_arg(ap, Mask);
+	    u.screen.status = Success; /* default allow */
+	    prv = &u.screen.status;
 	    break;
-	}
-	case XACE_AUTH_AVAIL: {
-	    XaceAuthAvailRec rec;
-	    rec.client = va_arg(ap, ClientPtr);
-	    rec.authId = va_arg(ap, XID);
-	    calldata = &rec;
+	case XACE_AUTH_AVAIL:
+	    u.auth.client = va_arg(ap, ClientPtr);
+	    u.auth.authId = va_arg(ap, XID);
 	    break;
-	}
-	case XACE_KEY_AVAIL: {
-	    XaceKeyAvailRec rec;
-	    rec.event = va_arg(ap, xEventPtr);
-	    rec.keybd = va_arg(ap, DeviceIntPtr);
-	    rec.count = va_arg(ap, int);
-	    calldata = &rec;
+	case XACE_KEY_AVAIL:
+	    u.key.event = va_arg(ap, xEventPtr);
+	    u.key.keybd = va_arg(ap, DeviceIntPtr);
+	    u.key.count = va_arg(ap, int);
 	    break;
-	}
-	default: {
+	default:
 	    va_end(ap);
 	    return 0;	/* unimplemented hook number */
-	}
     }
     va_end(ap);
  
     /* call callbacks and return result, if any. */
-    CallCallbacks(&XaceHooks[hook], calldata);
+    CallCallbacks(&XaceHooks[hook], &u);
     return prv ? *prv : Success;
 }
 
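Review bot: each access case still presets `status = Success; /* default allow */` and the function returns `*prv`, so a hook with no registered callback, or a callback that returns without writing `status`, permits the access. That behaviour is carried over unchanged, but since the cases are being rewritten anyway it is worth stating in the function comment above XaceHook that callbacks must set `status` explicitly to deny. The XACE_EXT_ACCESS case also keeps a hardcoded `DixGetAttrAccess` while every other access case reads `access_mode` from `va_arg`; a short comment on why would help readers of the now brace-less case list.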

commit f07fc1461d38c8228d1bacf3d19932cac7bacddd
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Fri Jun 11 10:12:52 2010 +1000

    xkb: fix invalid memory writes in _XkbCopyGeom.
    
    Classic strlen/strcpy mistake of
       foo = malloc(strlen(bar));
       strcpy(foo, bar);
    
    Testcase: valgrind Xephyr :1
    
    ==8591== Invalid write of size 1
    ==8591==    at 0x4A0638F: strcpy (mc_replace_strmem.c:311)
    ==8591==    by 0x605593: _XkbCopyGeom (xkbUtils.c:1994)
    ==8591==    by 0x605973: XkbCopyKeymap (xkbUtils.c:2118)
    ==8591==    by 0x6122B3: InitKeyboardDeviceStruct (xkbInit.c:560)
    ==8591==    by 0x4472E2: CoreKeyboardProc (devices.c:577)
    ==8591==    by 0x447162: ActivateDevice (devices.c:530)
    ==8591==    by 0x4475D6: InitCoreDevices (devices.c:672)
    ==8591==    by 0x4449EE: main (main.c:254)
    ==8591==  Address 0x6f96505 is 0 bytes after a block of size 53 alloc'd

