xorg-server: Changes to 'ubuntu-precise'
debian/changelog | 9 +
debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch | 30 +++++
debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch | 52 ++++++++++
debian/patches/series | 4
4 files changed, 94 insertions(+), 1 deletion(-)
New commits:
commit 373f2fbc415e40e1fb8b0564b23d0e45d96b9435
Author: Bryce Harrington <bryce@canonical.com>
Date: Mon Aug 6 11:50:08 2012 -0700
Patches to fix X crash when mixing randr and non-randr displays
diff --git a/debian/changelog b/debian/changelog
index 5842c13..4e066c9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+xorg-server (2:1.11.4-0ubuntu10.8) precise-proposed; urgency=low
+
+ * Add upstream patches to avoid seg fault in case the user is running with
+ multiple screens and xrandr is only enabled at one (LP: #1015292):
+ - 229_randr_first_check_pScrPriv_before_using_the_pointer.patch
+ - 230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@linaro.org> Thu, 19 Jul 2012 22:57:12 -0300
+
xorg-server (2:1.11.4-0ubuntu10.7) precise-proposed; urgency=low
* Re-enable 516-dix-dont-emulate-scroll-events-for-non-existing-axes.patch
diff --git a/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch b/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch
new file mode 100644
index 0000000..8c9cf71
--- /dev/null
+++ b/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch
@@ -0,0 +1,30 @@
+From 32603f57ca03b6390b109960f8bb5ea53ac95ecb Mon Sep 17 00:00:00 2001
+From: Ricardo Salveti de Araujo <ricardo.salveti@linaro.org>
+Date: Thu, 21 Jun 2012 00:55:53 -0300
+Subject: [PATCH] randr: first check pScrPriv before using the pointer at
+ RRFirstOutput
+
+Fix a seg fault in case pScrPriv is NULL at ProcRRGetScreenInfo,
+which later calls RRFirstOutput.
+
+Signed-off-by: Ricardo Salveti de Araujo <ricardo.salveti@linaro.org>
+Reviewed-by: Keith Packard <keithp@keithp.com>
+Signed-off-by: Keith Packard <keithp@keithp.com>
+---
+ randr/randr.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: xorg-server-1.11.4/randr/randr.c
+===================================================================
+--- xorg-server-1.11.4.orig/randr/randr.c 2012-07-17 18:46:06.000000000 -0300
++++ xorg-server-1.11.4/randr/randr.c 2012-07-17 18:48:35.169824448 -0300
+@@ -454,6 +454,9 @@
+ rrScrPriv(pScreen);
+ RROutputPtr output;
+ int i, j;
++
++ if (!pScrPriv)
++ return NULL;
+
+ if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc)
+ return pScrPriv->primaryOutput;
diff --git a/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch b/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
new file mode 100644
index 0000000..e37d073
--- /dev/null
+++ b/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
@@ -0,0 +1,52 @@
+From 855003c333a0ead1db912695bc9705ef2b3144b4 Mon Sep 17 00:00:00 2001
+From: Keith Packard <keithp@keithp.com>
+Date: Thu, 21 Jun 2012 18:45:18 -0700
+Subject: [PATCH] randr: Catch two more potential unset rrScrPriv uses
+
+Ricardo Salveti <ricardo.salveti@linaro.org> found one place where the
+randr code could use the randr screen private data without checking
+for null first. This happens when the X server is running with
+multiple screens, some of which are randr enabled and some of which
+are not. Applications making protocol requests to the non-randr
+screens can cause segfaults where the server touches the unset private
+structure.
+
+I audited the code and found two more possible problem spots; the
+trick to auditing for this issue was to look for functions not taking
+a RandR data structure and where there was no null screen private
+check above them in the call graph.
+
+Signed-off-by: Keith Packard <keithp@keithp.com>
+---
+ randr/rroutput.c | 3 ++-
+ randr/rrscreen.c | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/randr/rroutput.c b/randr/rroutput.c
+index 091e06b..fbd0e32 100644
+--- a/randr/rroutput.c
++++ b/randr/rroutput.c
+@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client)
+ }
+
+ pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
+- RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
++ if (pScrPriv)
++ RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
+
+ return Success;
+ }
+diff --git a/randr/rrscreen.c b/randr/rrscreen.c
+index f570afa..55110e0 100644
+--- a/randr/rrscreen.c
++++ b/randr/rrscreen.c
+@@ -261,6 +261,9 @@
+
+ pScreen = pWin->drawable.pScreen;
+ pScrPriv = rrGetScrPriv(pScreen);
++ if (!pScrPriv)
++ return BadMatch;
++
+ if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width)
+ {
+ client->errorValue = stuff->width;
diff --git a/debian/patches/series b/debian/patches/series
index 0ce1ed6..0279297 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,13 +31,14 @@
226_fall_back_to_autoconfiguration.patch
227_null_ptr_midispcur.patch
228_log-format-fix.patch
+229_randr_first_check_pScrPriv_before_using_the_pointer.patch
+230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch
## Input Stack Patches (from xserver 1.12) ##
500_pointer_barrier_thresholds.diff
505_query_pointer_touchscreen.patch
506_touchscreen_pointer_emulation_checks.patch
507_touchscreen_fixes.patch
-
# Patch 508 attempted to fix LP: #968845, but caused regression
# crash bug #1009629. Patches 510-515 attempted to fix that
# regression, but this led to the severe crash bug #1021517.
@@ -50,3 +51,4 @@
#514-Xi-drop-forced-unpairing-when-changing-the-hierarchy.patch
#515-dix-disable-all-devices-before-shutdown.patch
516-dix-dont-emulate-scroll-events-for-non-existing-axes.patch
+
Reply to: