libx11: Changes to 'upstream-unstable'
configure.ac | 139 ++++++++++++++++++---------------------
modules/im/ximcp/imLcFlt.c | 34 ++++++---
modules/im/ximcp/imLcIc.c | 2
modules/im/ximcp/imLcLkup.c | 26 +++++--
modules/im/ximcp/imLcPrs.c | 5 -
modules/im/ximcp/imRm.c | 4 +
modules/im/ximcp/imRmAttr.c | 7 +
modules/im/ximcp/imThaiFlt.c | 11 ++-
modules/im/ximcp/imTrX.c | 33 +++++----
modules/lc/def/lcDefConv.c | 2
modules/lc/gen/lcGenConv.c | 2
nls/compose-chart.pl | 2
specs/i18n/localedb/localedb.xml | 4 -
specs/i18n/trans/trans.xml | 2
src/Font.c | 2
src/GetProp.c | 2
src/ImUtil.c | 1
src/KeyBind.c | 2
src/Makefile.am | 1
src/Region.c | 13 +++
src/XlibInt.c | 26 +++++--
src/Xrm.c | 15 +++-
src/XrmI.h | 46 ------------
src/xcb_io.c | 15 +++-
src/xcms/LRGB.c | 23 ++----
src/xcms/cmsColNm.c | 4 -
src/xcms/cmsProp.c | 17 ++--
src/xkb/XKB.c | 2
src/xkb/XKBGAlloc.c | 4 -
src/xkb/XKBList.c | 2
src/xkb/XKBMisc.c | 2
src/xlibi18n/XDefaultOMIF.c | 10 --
src/xlibi18n/lcFile.c | 6 -
src/xlibi18n/lcGeneric.c | 2
34 files changed, 251 insertions(+), 217 deletions(-)
New commits:
commit db8b20b789112717ac0590b40f0b4dc2171797d0
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date: Thu Mar 17 16:15:00 2011 -0700
configure.ac: Bump version to 1.4.2
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
diff --git a/configure.ac b/configure.ac
index 3b2bd50..aa39b38 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libX11], [1.4.1],
+AC_INIT([libX11], [1.4.2],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libX11])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([src/config.h include/X11/XlibConf.h])
commit 83e1ba59c48c79f8b0a7e7aa0b9c9cfd84fa403d
Author: Jamey Sharp <jamey@minilop.net>
Date: Tue Mar 15 16:48:07 2011 -0700
Call _XErrorFunction without holding the Display lock.
Historically, Xlib dropped the Display lock around the upcall to any
user-supplied _XErrorFunction, but somewhere along the way I quit doing
that if you built with XCB. The reasons are lost somewhere in the
pre-git history of Xlib/XCB, and I can't now see any reason to hold the
lock.
The documentation for XSetErrorHandler still applies though:
Because this condition is not assumed to be fatal, it is acceptable
for your error handler to return; the returned value is ignored.
However, the error handler should not call any functions (directly
or indirectly) on the display that will generate protocol requests
or that will look for input events.
So while you are now once again permitted to re-enter Xlib from the
error handler, you're only allowed to call non-protocol functions.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
diff --git a/src/XlibInt.c b/src/XlibInt.c
index a78da9b..3db151e 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -1574,7 +1574,19 @@ int _XError (
!(*dpy->error_vec[rep->errorCode])(dpy, &event.xerror, rep))
return 0;
if (_XErrorFunction != NULL) {
- return (*_XErrorFunction)(dpy, (XErrorEvent *)&event); /* upcall */
+ int rtn_val;
+#ifdef XTHREADS
+ if (dpy->lock)
+ (*dpy->lock->user_lock_display)(dpy);
+ UnlockDisplay(dpy);
+#endif
+ rtn_val = (*_XErrorFunction)(dpy, (XErrorEvent *)&event); /* upcall */
+#ifdef XTHREADS
+ LockDisplay(dpy);
+ if (dpy->lock)
+ (*dpy->lock->user_unlock_display)(dpy);
+#endif
+ return rtn_val;
} else {
return _XDefaultError(dpy, (XErrorEvent *)&event);
}
commit fd85aca7a616c595fc17b2520f84316a11e8906f
Author: Jamey Sharp <jamey@minilop.net>
Date: Mon Mar 14 14:45:35 2011 -0700
Ignore user locks after sleeping in _XReply and _XReadEvents.
This bug appears as a hang in applications that wait for replies from
multiple threads, where one such thread has taken a user lock using
XLockDisplay.
Prior to this fix, the code could deadlock in this way: If thread 1 goes
to sleep waiting for a reply, and then thread 2 takes a user lock and
waits for a reply, then thread 2 will wait for thread 1 to process its
reply (because responses must be processed in order), but thread 1 will
wait for thread 2 to drop its user lock.
Fixed by making thread 1 not wait for thread 2 to drop its user lock.
This makes the semantics of user locks hard to define, but they were
already hard to define. The new behavior appears to be consistent with
the way Xlib worked historically, anyway.
Fixes: http://lists.freedesktop.org/archives/xcb/2011-March/006802.html
There was a similar potential for deadlock in _XReadEvents, fixed the
same way, with the same caveats about user-lock semantics.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
diff --git a/src/xcb_io.c b/src/xcb_io.c
index 7e685de..8930736 100644
--- a/src/xcb_io.c
+++ b/src/xcb_io.c
@@ -340,7 +340,15 @@ void _XReadEvents(Display *dpy)
dpy->xcb->event_waiter = 1;
UnlockDisplay(dpy);
event = xcb_wait_for_event(dpy->xcb->connection);
- InternalLockDisplay(dpy, /* don't skip user locks */ 0);
+ /* It appears that classic Xlib respected user
+ * locks when waking up after waiting for
+ * events. However, if this thread did not have
+ * any user locks, and another thread takes a
+ * user lock and tries to read events, then we'd
+ * deadlock. So we'll choose to let the thread
+ * that got in first consume events, despite the
+ * later thread's user locks. */
+ InternalLockDisplay(dpy, /* ignore user locks */ 1);
dpy->xcb->event_waiter = 0;
ConditionBroadcast(dpy, dpy->xcb->event_notify);
if(!event)
@@ -531,7 +539,10 @@ Status _XReply(Display *dpy, xReply *rep, int extra, Bool discard)
req->reply_waiter = 1;
UnlockDisplay(dpy);
response = xcb_wait_for_reply(c, req->sequence, &error);
- InternalLockDisplay(dpy, /* don't skip user locks */ 0);
+ /* Any user locks on another thread must have been taken
+ * while we slept in xcb_wait_for_reply. Classic Xlib
+ * ignored those user locks in this case, so we do too. */
+ InternalLockDisplay(dpy, /* ignore user locks */ 1);
/* We have the response we're looking for. Now, before
* letting anyone else process this sequence number, we
commit 690f8bffd48a4e7e74298360ddd0431dc95dcd3f
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Tue Jan 18 15:58:20 2011 +0200
xkb: XkbPropertyPtr determined allocation success from wrong variables
Cannot reach dead statement "return NULL;"
Check for the NULLness of prop->name and prop->value instead of
name and value, which was checked earlier anyway. Decided against
using strdup due to curious memory allocation functions and the
rest of the xkb not using it either.
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
diff --git a/src/xkb/XKBGAlloc.c b/src/xkb/XKBGAlloc.c
index 17d13be..90ec2f9 100644
--- a/src/xkb/XKBGAlloc.c
+++ b/src/xkb/XKBGAlloc.c
@@ -696,11 +696,11 @@ register XkbPropertyPtr prop;
}
prop= &geom->properties[geom->num_properties];
prop->name= (char *)_XkbAlloc(strlen(name)+1);
- if (!name)
+ if (!prop->name)
return NULL;
strcpy(prop->name,name);
prop->value= (char *)_XkbAlloc(strlen(value)+1);
- if (!value) {
+ if (!prop->value) {
_XkbFree(prop->name);
prop->name= NULL;
return NULL;
commit 6a4d027284e7bb5dd458157947bbb1ff580ad071
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Mon Jan 10 16:37:22 2011 +0200
keyBind: Use Xcalloc to initialize allocated _XKeytrans
Using uninitialized value "p->modifiers"
Small fix by using Xcalloc instead of Xmalloc
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
diff --git a/src/KeyBind.c b/src/KeyBind.c
index 6d80a02..ac25ce2 100644
--- a/src/KeyBind.c
+++ b/src/KeyBind.c
@@ -996,7 +996,7 @@ XRebindKeysym (
tmp = dpy->key_bindings;
nb = sizeof(KeySym) * nm;
- if ((! (p = (struct _XKeytrans *) Xmalloc( sizeof(struct _XKeytrans)))) ||
+ if ((! (p = (struct _XKeytrans *) Xcalloc( 1, sizeof(struct _XKeytrans)))) ||
((! (p->string = (char *) Xmalloc( (unsigned) nbytes))) &&
(nbytes > 0)) ||
((! (p->modifiers = (KeySym *) Xmalloc( (unsigned) nb))) &&
commit b993d73bb3214ecc24646f5427c8003b816c6921
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Mon Jan 10 16:22:45 2011 +0200
im/ximcp: release modifiermap before returning
Variable "map" goes out of scope
Release modifiermap before returning. Reordered code to call
XGetModifierMapping after the first return from the function.
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reviewed-by: Dirk Wallenstein <halsmit@t-online.de>
diff --git a/modules/im/ximcp/imThaiFlt.c b/modules/im/ximcp/imThaiFlt.c
index e0b3988..12e3de2 100644
--- a/modules/im/ximcp/imThaiFlt.c
+++ b/modules/im/ximcp/imThaiFlt.c
@@ -1262,15 +1262,22 @@ Private unsigned
NumLockMask(Display *d)
{
int i;
- XModifierKeymap *map = XGetModifierMapping (d);
+ XModifierKeymap *map;
KeyCode numlock_keycode = XKeysymToKeycode (d, XK_Num_Lock);
if (numlock_keycode == NoSymbol)
return 0;
+ map = XGetModifierMapping (d);
+ if (!map)
+ return 0;
+
for (i = 0; i < 8; i++) {
- if (map->modifiermap[map->max_keypermod * i] == numlock_keycode)
+ if (map->modifiermap[map->max_keypermod * i] == numlock_keycode) {
+ XFreeModifiermap(map);
return 1 << i;
+ }
}
+ XFreeModifiermap(map);
return 0;
}
commit 807a7fc0354f2212dfa5ff1f9e4ede56d8e69ef4
Author: Gaetan Nadon <memsize@videotron.ca>
Date: Fri Feb 25 09:23:54 2011 -0500
Docbook: change the book id to match the xml file basename
This is required for the up-coming external references support.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
diff --git a/specs/i18n/localedb/localedb.xml b/specs/i18n/localedb/localedb.xml
index 48a1761..c4f6d13 100644
--- a/specs/i18n/localedb/localedb.xml
+++ b/specs/i18n/localedb/localedb.xml
@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-<book id="localedbspec">
+<book id="localedb">
<bookinfo>
<title>X Locale Database Specification</title>
@@ -71,7 +71,7 @@ in this Software without prior written authorization from X Consortium.
</legalnotice>
</bookinfo>
-<chapter id="localedb">
+<chapter id="localeDatabase">
<title>LocaleDB</title>
<sect1 id="General">
diff --git a/specs/i18n/trans/trans.xml b/specs/i18n/trans/trans.xml
index 42e3ca9..c8447f9 100644
--- a/specs/i18n/trans/trans.xml
+++ b/specs/i18n/trans/trans.xml
@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-<book id="xtransportspec">
+<book id="trans">
<bookinfo>
<title>The XIM Transport Specification</title>
commit 40812b53ff5fe548f6eaf43ba4c8781cb43dab43
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Mon Feb 21 21:54:17 2011 +0100
Make the Local XIM request key releases for braille
Braille chords management needs key release events. We need to explicitly
request then, else GTK would not pass them throught XFilterEvent and braille
wouldn't work.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
diff --git a/modules/im/ximcp/imLcIc.c b/modules/im/ximcp/imLcIc.c
index 53d53ef..c072808 100644
--- a/modules/im/ximcp/imLcIc.c
+++ b/modules/im/ximcp/imLcIc.c
@@ -180,7 +180,7 @@ _XimLocalCreateIC(
values, XIM_CREATEIC, True)) {
goto Set_Error;
}
- ic_values.filter_events = KeyPressMask;
+ ic_values.filter_events = KeyPressMask | KeyReleaseMask;
_XimSetCurrentICValues(ic, &ic_values);
if(_XimSetICDefaults(ic, (XPointer)&ic_values,
XIM_SETICDEFAULTS, res, num) == False) {
commit c97c42c49cd5095462abecdf908b416fb0b540b6
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Mon Feb 21 17:27:38 2011 +0100
Match braille patterns with compose tree
Braille patterns should also be usable in Compose. This combines the
implementation of braille chords and compose tree: only emit the braille
pattern if it can not be found in the compose tree, if any.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
diff --git a/modules/im/ximcp/imLcFlt.c b/modules/im/ximcp/imLcFlt.c
index ae26fa8..06aa998 100644
--- a/modules/im/ximcp/imLcFlt.c
+++ b/modules/im/ximcp/imLcFlt.c
@@ -45,6 +45,7 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
static char buf[256];
DefTree *b = ic->private.local.base.tree;
DTIndex t;
+ Bool braille = False;
if(ev->xkey.keycode == 0)
return (False);
@@ -58,6 +59,7 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
if(ev->type == KeyPress) {
ic->private.local.brl_pressed |=
1<<(keysym-XK_braille_dot_1);
+ return(True);
} else {
if(!ic->private.local.brl_committing
|| ev->xkey.time - ic->private.local.brl_release_start > 300) {
@@ -65,23 +67,20 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
ic->private.local.brl_release_start = ev->xkey.time;
}
ic->private.local.brl_pressed &= ~(1<<(keysym-XK_braille_dot_1));
- if(!ic->private.local.brl_pressed) {
- if(ic->private.local.brl_committing) {
- ic->private.local.brl_committed =
- ic->private.local.brl_committing;
- ic->private.local.composed = 0;
- ev->type = KeyPress;
- ev->xkey.keycode = 0;
- _XPutBackEvent(d, ev);
- }
+ if(!ic->private.local.brl_pressed && ic->private.local.brl_committing) {
+ /* Commited a braille pattern, let it go through compose tree */
+ keysym = XK_braille_blank | ic->private.local.brl_committing;
+ ev->type = KeyPress;
+ braille = True;
+ } else {
+ return(True);
}
}
- return(True);
}
if( (ev->type != KeyPress)
|| (((Xim)ic->core.im)->private.local.top == 0 ) )
- return(False);
+ goto emit_braille;
for(t = ic->private.local.context; t; t = b[t].next) {
if(((ev->xkey.state & b[t].modifier_mask) == b[t].modifier) &&
@@ -105,11 +104,22 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
}
} else { /* Unmatched */
if(ic->private.local.context == ((Xim)ic->core.im)->private.local.top) {
- return(False);
+ goto emit_braille;
}
/* Error (Sequence Unmatch occured) */
/* initialize internal state for next key sequence */
ic->private.local.context = ((Xim)ic->core.im)->private.local.top;
return(True);
}
+
+emit_braille:
+ if(braille) {
+ /* Braille pattern is not in compose tree, emit alone */
+ ic->private.local.brl_committed = ic->private.local.brl_committing;
+ ic->private.local.composed = 0;
+ ev->xkey.keycode = 0;
+ _XPutBackEvent(d, ev);
+ return(True);
+ }
+ return(False);
}
commit 0c6ca565d7c8a47ef3ea823569a9ca5298a5307d
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Mon Feb 21 15:56:54 2011 +0100
Fix status reporting for braille patterns
_XimLocalMbLookupString can return a braille keysym even if _Xlcwctomb can't
convert to the current MB charset.
_XimLocalUtf8LookupString needs to set the braille keysym and status too.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
diff --git a/modules/im/ximcp/imLcLkup.c b/modules/im/ximcp/imLcLkup.c
index 4891176..8e4111a 100644
--- a/modules/im/ximcp/imLcLkup.c
+++ b/modules/im/ximcp/imLcLkup.c
@@ -63,20 +63,25 @@ _XimLocalMbLookupString(XIC xic, XKeyEvent *ev, char *buffer, int bytes,
unsigned char pattern = ic->private.local.brl_committed;
char mb[XLC_PUBLIC(ic->core.im->core.lcd, mb_cur_max)];
ret = _Xlcwctomb(ic->core.im->core.lcd, mb, BRL_UC_ROW | pattern);
- if(ret < 0) {
- if(status) *status = XLookupNone;
- return(0);
- }
if(ret > bytes) {
if(status) *status = XBufferOverflow;
return(ret);
}
- if(keysym) {
- *keysym = XK_braille_blank | pattern;
- if(status) *status = XLookupBoth;
- } else
- if(status) *status = XLookupChars;
- memcpy(buffer, mb, ret);
+ if(keysym) *keysym = XK_braille_blank | pattern;
+ if(ret > 0) {
+ if (keysym) {
+ if(status) *status = XLookupBoth;
+ } else {
+ if(status) *status = XLookupChars;
+ }
+ memcpy(buffer, mb, ret);
+ } else {
+ if(keysym) {
+ if(status) *status = XLookupKeySym;
+ } else {
+ if(status) *status = XLookupNone;
+ }
+ }
} else { /* Composed Event */
ret = strlen(&mb[b[ic->private.local.composed].mb]);
if(ret > bytes) {
@@ -217,6 +222,11 @@ _XimLocalUtf8LookupString(XIC xic, XKeyEvent *ev, char *buffer, int bytes,
buffer[0] = 0xe0 | ((BRL_UC_ROW >> 12) & 0x0f);
buffer[1] = 0x80 | ((BRL_UC_ROW >> 8) & 0x30) | (pattern >> 6);
buffer[2] = 0x80 | (pattern & 0x3f);
+ if(keysym) {
+ *keysym = XK_braille_blank | pattern;
+ if(status) *status = XLookupBoth;
+ } else
+ if(status) *status = XLookupChars;
} else { /* Composed Event */
ret = strlen(&utf8[b[ic->private.local.composed].utf8]);
if(ret > bytes) {
commit 993abe751f4141f54d8d28b8b73588a1c9085970
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri Feb 11 14:49:17 2011 -0800
Clean up memory when first XCreateRegion succeeds and second fails
Error: Memory leak (CWE 401)
Memory leak of pointer 's' allocated with XCreateRegion()
at line 387 of /export/alanc/X.Org/sx86-gcc/lib/libX11/src/Region.c in function 'XShrinkRegion'.
's' allocated at line 387 with XCreateRegion().
s leaks when s != 0 at line 387.
Error: Memory leak (CWE 401)
Memory leak of pointer 'tra' allocated with XCreateRegion()
at line 1452 of /export/alanc/X.Org/sx86-gcc/lib/libX11/src/Region.c in function 'XXorRegion'.
'tra' allocated at line 1451 with XCreateRegion().
tra leaks when tra != 0 at line 1451.
[ This bug was found by the Parfait 0.3.6 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Region.c b/src/Region.c
index 45a0bda..41047b2 100644
--- a/src/Region.c
+++ b/src/Region.c
@@ -384,7 +384,12 @@ XShrinkRegion(
int grow;
if (!dx && !dy) return 0;
- if ((! (s = XCreateRegion())) || (! (t = XCreateRegion()))) return 0;
+ if (! (s = XCreateRegion()) )
+ return 0;
+ if (! (t = XCreateRegion()) ) {
+ XDestroyRegion(s);
+ return 0;
+ }
if ((grow = (dx < 0))) dx = -dx;
if (dx) Compress(r, s, t, (unsigned) 2*dx, TRUE, grow);
if ((grow = (dy < 0))) dy = -dy;
@@ -1448,8 +1453,12 @@ XXorRegion(Region sra, Region srb, Region dr)
{
Region tra, trb;
- if ((! (tra = XCreateRegion())) || (! (trb = XCreateRegion())))
+ if (! (tra = XCreateRegion()) )
return 0;
+ if (! (trb = XCreateRegion()) ) {
+ XDestroyRegion(tra);
+ return 0;
+ }
(void) XSubtractRegion(sra,srb,tra);
(void) XSubtractRegion(srb,sra,trb);
(void) XUnionRegion(tra,trb,dr);
commit 6ac417cea1136a3617f5e40f4b106aaa3f48d6c2
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri Feb 11 14:20:24 2011 -0800
ximcp: Prevent memory leak & double free if multiple %L in string
In the highly unlikely event that TransFileName was passed a path
containing multiple %L entries, for each entry it would call
_XlcFileName, leaking the previous results, and then for each entry it
would copy from that pointer and free it, resulting in invalid pointers
& possible double frees for each use after the first one freed it.
Error: Use after free (CWE 416)
Use after free of pointer 'lcCompose'
at line 358 of modules/im/ximcp/imLcPrs.c in function 'TransFileName'.
Previously freed at line 360 with free.
Error: Use after free (CWE 416)
Use after free of pointer 'lcCompose'
at line 359 of modules/im/ximcp/imLcPrs.c in function 'TransFileName'.
Previously freed at line 360 with free.
Error: Double free (CWE 415)
Double free of pointer 'lcCompose'
at line 360 of modules/im/ximcp/imLcPrs.c in function 'TransFileName'.
Previously freed at line 360 with free.
[ This bug was found by the Parfait 0.3.6 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/modules/im/ximcp/imLcPrs.c b/modules/im/ximcp/imLcPrs.c
index 75449ef..4e54385 100644
--- a/modules/im/ximcp/imLcPrs.c
+++ b/modules/im/ximcp/imLcPrs.c
@@ -321,7 +321,8 @@ TransFileName(Xim im, char *name)
l += strlen(home);
break;
case 'L':
- lcCompose = _XlcFileName(im->core.lcd, COMPOSE_FILE);
+ if (lcCompose == NULL)
+ lcCompose = _XlcFileName(im->core.lcd, COMPOSE_FILE);
if (lcCompose)
l += strlen(lcCompose);
break;
@@ -357,7 +358,6 @@ TransFileName(Xim im, char *name)
if (lcCompose) {
strcpy(j, lcCompose);
j += strlen(lcCompose);
- Xfree(lcCompose);
}
break;
case 'S':
@@ -371,6 +371,7 @@ TransFileName(Xim im, char *name)
}
}
*j = '\0';
+ Xfree(lcCompose);
return ret;
}
commit 502d414118c97d35a44f8e295709682022876331
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Thu Feb 3 17:08:57 2011 +0200
xcms/cmsProp: don't deal with uninitialized values, fail instead
Properly handle the return value of XGetWindowProperty by considering
if after the loop as well.
Using freed pointer "prop_ret"
There were numerous things wrong in how this function interacted with
XGetWindowProperty.
None of the local variables were initialized and remained that way if
the call to XGetWindowProperty returned 1 (not Succeed). That doesn't
result in after_ret being initialized in which case if it happens to
be 0, the loop was exited. In that case format_ret and nitems_ret were
uninitialized and the function might return with success (but with
uninitialized pointer in prop_ret) or XcmsFailure.
As the buffer enlarging code was called only when XGetWindowProperty
failed (returned not Success), after_ret would not have been
initialized. It would have been initialized only if the
XGetWindowProperty has returned Success earlier, but in that case the
code fragment would not have been reached.
This patch alters the function to return XcmsFailure if the call to
XGetWindowProperty fails.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
diff --git a/src/xcms/cmsProp.c b/src/xcms/cmsProp.c
index 856ae84..2826ee7 100644
--- a/src/xcms/cmsProp.c
+++ b/src/xcms/cmsProp.c
@@ -121,20 +121,23 @@ _XcmsGetProperty(
long len = 6516;
unsigned long nitems_ret, after_ret;
Atom atom_ret;
+ int xgwp_ret;
- while (XGetWindowProperty (pDpy, w, property, 0, len, False,
- XA_INTEGER, &atom_ret, &format_ret,
- &nitems_ret, &after_ret,
- (unsigned char **)&prop_ret)) {
- if (after_ret > 0) {
+ while (True) {
+ xgwp_ret = XGetWindowProperty (pDpy, w, property, 0, len, False,
+ XA_INTEGER, &atom_ret, &format_ret,
+ &nitems_ret, &after_ret,
+ (unsigned char **)&prop_ret);
+ if (xgwp_ret == Success && after_ret > 0) {
len += nitems_ret * (format_ret >> 3);
XFree (prop_ret);
} else {
break;
}
}
- if (format_ret == 0 || nitems_ret == 0) {
- /* the property does not exist or is of an unexpected type */
+ if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) {
+ /* the property does not exist or is of an unexpected type or
+ getting window property failed */
return(XcmsFailure);
}
commit c37e278993b9e5b3d7025ef4c434373a011996ec
Author: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Date: Mon Jan 31 14:02:07 2011 +0200
xcms/LRGB: don't double-free property_return
property_return was free'd before and in the case the conditional is true,
the call to XcmsGetProperty failed which means that property_return wasn't
set so there is no need to free it again.
Double free of pointer "property_return" in call to "free"
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
diff --git a/src/xcms/LRGB.c b/src/xcms/LRGB.c
index 750c492..2dca82e 100644
--- a/src/xcms/LRGB.c
+++ b/src/xcms/LRGB.c
@@ -573,7 +573,6 @@ LINEAR_RGB_InitSCCData(
if (CorrectAtom == None ||
!_XcmsGetProperty (dpy, RootWindow(dpy, screenNumber), CorrectAtom,
&format_return, &nitems, &nbytes_return, &property_return)) {
- Xfree ((char *)property_return);
goto FreeSCCData;
}
commit 50f4107811249806718a100f9d34f996c58e5e25
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed Feb 2 08:58:45 2011 -0800
Xrm.c: ReadInFile: refactor fstat error handling
We can simplify the fstat failure case now that the GetFileSize macro
has been expanded inline.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
diff --git a/src/Xrm.c b/src/Xrm.c
index 4892b64..c466cae 100644
--- a/src/Xrm.c
+++ b/src/Xrm.c
@@ -1596,18 +1596,13 @@ ReadInFile(_Xconst char *filename)
*/
{
struct stat status_buffer;
- if ( (fstat(fd, &status_buffer)) == -1 )
- size = -1;
- else
+ if ( (fstat(fd, &status_buffer)) == -1 ) {
+ close (fd);
+ return (char *)NULL;
+ } else
size = status_buffer.st_size;
}
- /* There might have been a problem trying to stat a file */
- if (size == -1) {
- close (fd);
- return (char *)NULL;
- }
-
if (!(filebuf = Xmalloc(size + 1))) { /* leave room for '\0' */
close(fd);
return (char *)NULL;
commit 5e9c40fcb5da43c9fdacf12967d090bf202daf2a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed Feb 2 08:56:00 2011 -0800
Expand GetSizeOfFile() macro at the one place it's called
Removes XrmI.h header that only contained this single macro
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
diff --git a/src/Makefile.am b/src/Makefile.am
index 8b0953c..71e02e7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -321,7 +321,6 @@ libX11_la_SOURCES = \
XomGeneric.h \
Xresinternal.h \
Xrm.c \
- XrmI.h \
Xxcbint.h
#
diff --git a/src/Xrm.c b/src/Xrm.c
index fbc8ad2..4892b64 100644
--- a/src/Xrm.c
+++ b/src/Xrm.c
@@ -60,8 +60,8 @@ from The Open Group.
#ifdef XTHREADS
#include "locking.h"
#endif
-#include "XrmI.h"
#include <X11/Xos.h>
+#include <sys/stat.h>
#include "Xresinternal.h"
#include "Xresource.h"
@@ -1594,7 +1594,13 @@ ReadInFile(_Xconst char *filename)
* result that the number of bytes actually read with be <=
* to the size returned by fstat.
*/
- GetSizeOfFile(fd, size);
+ {
+ struct stat status_buffer;
+ if ( (fstat(fd, &status_buffer)) == -1 )
+ size = -1;
+ else
+ size = status_buffer.st_size;
+ }
/* There might have been a problem trying to stat a file */
if (size == -1) {
diff --git a/src/XrmI.h b/src/XrmI.h
deleted file mode 100644
index 7e25607..0000000
--- a/src/XrmI.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-
-Copyright 1990, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-
-*/
-
-
-/*
- * Macros to abstract out reading the file, and getting its size.
- *
- * You may need to redefine these for various other operating systems.
- */
-
-#include <X11/Xos.h>
-#include <sys/stat.h>
-
-#define GetSizeOfFile(fd,size) \
-{ \
- struct stat status_buffer; \
- if ( (fstat((fd), &status_buffer)) == -1 ) \
- size = -1; \
- else \
- size = status_buffer.st_size; \
-}
commit 450e17422c0e374d25c643f343ea268cec68da38
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Mon Jan 31 14:01:57 2011 +0200
XlibInt: Use strncpy+zero termination instead of strcpy to enforce buffer size
Possible overrun of 8192 byte fixed size buffer "buffer" by copying
"ext->name" without length checking
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/XlibInt.c b/src/XlibInt.c
index 873ed8b..a78da9b 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -1439,9 +1439,10 @@ static int _XPrintDefaultError(
ext && (ext->codes.major_opcode != event->request_code);
ext = ext->next)
;
- if (ext)
- strcpy(buffer, ext->name);
- else
+ if (ext) {
+ strncpy(buffer, ext->name, BUFSIZ);
+ buffer[BUFSIZ - 1] = '\0';
+ } else
buffer[0] = '\0';
}
(void) fprintf(fp, " (%s)\n", buffer);
commit e2566e43b02d2d7b7c1c3bb7db7c5ae81c1245fa
Author: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Date: Mon Jan 31 14:02:13 2011 +0200
lc/def/lcDefConv: Use Xcalloc to avoid use of uninitialized memory
Fixed by zero'ing conv on allocation with Xcalloc. Then
close_converter works properly.
Using uninitialized value "conv->state" in call to function "close_converter"
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/modules/lc/def/lcDefConv.c b/modules/lc/def/lcDefConv.c
index 5860a79..12a4861 100644
--- a/modules/lc/def/lcDefConv.c
+++ b/modules/lc/def/lcDefConv.c
@@ -577,7 +577,7 @@ create_conv(
XlcConv conv;
State state;
- conv = (XlcConv) Xmalloc(sizeof(XlcConvRec));
+ conv = (XlcConv) Xcalloc(1, sizeof(XlcConvRec));
if (conv == NULL)
return (XlcConv) NULL;
diff --git a/modules/lc/gen/lcGenConv.c b/modules/lc/gen/lcGenConv.c
index 074a8d7..baac73a 100644
--- a/modules/lc/gen/lcGenConv.c
+++ b/modules/lc/gen/lcGenConv.c
@@ -2650,7 +2650,7 @@ create_conv(
XlcConv conv;
State state;
- conv = (XlcConv) Xmalloc(sizeof(XlcConvRec));
+ conv = (XlcConv) Xcalloc(1, sizeof(XlcConvRec));
if (conv == NULL)
return (XlcConv) NULL;
commit 03f81ad8fb9783986cf9b17661dd31e95c396681
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Mon Jan 31 14:02:16 2011 +0200
xlibi18n/lcFile: Removed superfluous check for NULL target_dir
The situation is already handled before this code.
Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..."
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n/lcFile.c
index 21a546d..18756c1 100644
--- a/src/xlibi18n/lcFile.c
+++ b/src/xlibi18n/lcFile.c
@@ -685,8 +685,7 @@ _XlcLocaleDirName(char *dir_name, size_t dir_len, char *lc_name)
Xfree(name);
continue;
}
- if ((1 + (target_dir ? strlen (target_dir) : 0) +
- strlen("locale.dir")) < PATH_MAX) {
+ if ((1 + strlen (target_dir) + strlen("locale.dir")) < PATH_MAX) {
sprintf(buf, "%s/locale.dir", target_dir);
target_name = resolve_name(name, buf, RtoL);
}
@@ -785,8 +784,7 @@ _XlcLocaleLibDirName(char *dir_name, size_t dir_len, char *lc_name)
Xfree(name);
continue;
}
- if ((1 + (target_dir ? strlen (target_dir) : 0) +
- strlen("locale.dir")) < PATH_MAX) {
+ if ((1 + strlen (target_dir) + strlen("locale.dir")) < PATH_MAX) {
sprintf(buf, "%s/locale.dir", target_dir);
target_name = resolve_name(name, buf, RtoL);
}
commit 1346b9ea3b3882201ff8c3ee462ff4b0d4edf639
Author: Erkki Seppälä <erkki.seppala@vincit.fi>
Date: Mon Jan 31 14:02:15 2011 +0200
ximcp/imLckup: Handle negative return value from _Xlcwctomb
Fixed by negative value to memcpy by checking for the negative return
value of _Xlcwctomb and returning 0/XLookupNone in that case.
a negative value was passed to memcpy
Unfortunately the other return values for *status don't fit into the
error (which appears to indicate some internal error or running out of
memory). The other valid status codes are XBufferOverflow,
XLookupNone, XLookupChars, XLookupKeySym, and XLookupBoth. Each of
these has a specific meaning attached.
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reply to: