libxext: Changes to 'upstream-unstable'
COPYING | 3 -
autogen.sh | 4 +
configure.ac | 9 ++-
include/X11/extensions/sync.h | 2
man/XShape.man | 18 +++---
man/Xmbuf.man | 115 ++++++++++++++++++++++++------------------
src/Makefile.am | 1
src/XEVI.c | 29 +++++++---
src/XMultibuf.c | 3 -
src/XSecurity.c | 3 -
src/XShape.c | 27 +++++----
src/XSync.c | 39 ++++++++++----
src/Xcup.c | 49 +++++++++--------
src/Xdbe.c | 27 ++++++---
src/Xge.c | 10 +++
src/eat.h | 40 ++++++++++++++
16 files changed, 253 insertions(+), 126 deletions(-)
New commits:
commit d8366afbb0d2e4fbb1e419b1187f490522270bea
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri May 31 14:34:58 2013 -0700
libXext 1.3.2
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/configure.ac b/configure.ac
index fb9888d..9a1e0c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libXext], [1.3.1],
+AC_INIT([libXext], [1.3.2],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXext])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
commit dfe6e1f3b8ede3d0bab7a5fa57f73513a09ec649
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 14:40:33 2013 -0800
integer overflow in XSyncListSystemCounters() [CVE-2013-1982 6/6]
If the number of counters or amount of data reported by the server is
large enough that it overflows when multiplied by the size of the
appropriate struct, then memory corruption can occur when more bytes
are read from the X server than the size of the buffers we allocated
to hold them.
V2: Make sure we don't walk past the end of the reply when converting
data from wire format to the structures returned to the caller.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/XSync.c b/src/XSync.c
index 3ca1308..ce4ab44 100644
--- a/src/XSync.c
+++ b/src/XSync.c
@@ -59,6 +59,7 @@ PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/extutil.h>
#include <X11/extensions/sync.h>
#include <X11/extensions/syncproto.h>
+#include <limits.h>
#include "eat.h"
static XExtensionInfo _sync_info_data;
@@ -352,19 +353,28 @@ XSyncListSystemCounters(Display *dpy, int *n_counters_return)
if (rep.nCounters > 0)
{
xSyncSystemCounter *pWireSysCounter, *pNextWireSysCounter;
+ xSyncSystemCounter *pLastWireSysCounter;
XSyncCounter counter;
- int replylen;
+ unsigned int replylen;
int i;
- list = Xmalloc(rep.nCounters * sizeof(XSyncSystemCounter));
- replylen = rep.length << 2;
- pWireSysCounter = Xmalloc ((unsigned) replylen + sizeof(XSyncCounter));
- /* +1 to leave room for last counter read-ahead */
+ if (rep.nCounters < (INT_MAX / sizeof(XSyncSystemCounter)))
+ list = Xmalloc(rep.nCounters * sizeof(XSyncSystemCounter));
+ if (rep.length < (INT_MAX >> 2)) {
+ replylen = rep.length << 2;
+ pWireSysCounter = Xmalloc (replylen + sizeof(XSyncCounter));
+ /* +1 to leave room for last counter read-ahead */
+ pLastWireSysCounter = (xSyncSystemCounter *)
+ ((char *)pWireSysCounter) + replylen;
+ } else {
+ replylen = 0;
+ pWireSysCounter = NULL;
+ }
if ((!list) || (!pWireSysCounter))
{
- if (list) Xfree((char *) list);
- if (pWireSysCounter) Xfree((char *) pWireSysCounter);
+ Xfree(list);
+ Xfree(pWireSysCounter);
_XEatDataWords(dpy, rep.length);
list = NULL;
goto bail;
@@ -388,6 +398,14 @@ XSyncListSystemCounters(Display *dpy, int *n_counters_return)
pNextWireSysCounter = (xSyncSystemCounter *)
(((char *)pWireSysCounter) + ((SIZEOF(xSyncSystemCounter) +
pWireSysCounter->name_length + 3) & ~3));
+ /* Make sure we haven't gone too far */
+ if (pNextWireSysCounter > pLastWireSysCounter) {
+ Xfree(list);
+ Xfree(pWireSysCounter);
+ list = NULL;
+ goto bail;
+ }
+
counter = pNextWireSysCounter->counter;
list[i].name = ((char *)pWireSysCounter) +
commit 6ecd96e8be3c33e2ffad6631cea4aa0a030d93c2
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 14:40:33 2013 -0800
integer overflow in XShapeGetRectangles() [CVE-2013-1982 5/6]
If the number of rectangles reported by the server is large enough that
it overflows when multiplied by the size of the appropriate struct, then
memory corruption can occur when more bytes are read from the X server
than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/XShape.c b/src/XShape.c
index 3987876..d025020 100644
--- a/src/XShape.c
+++ b/src/XShape.c
@@ -35,6 +35,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/shape.h>
#include <X11/extensions/shapeproto.h>
+#include <limits.h>
#include "eat.h"
static XExtensionInfo _shape_info_data;
@@ -443,7 +444,7 @@ XRectangle *XShapeGetRectangles (
xShapeGetRectanglesReply rep;
XRectangle *rects;
xRectangle *xrects;
- int i;
+ unsigned int i;
ShapeCheckExtension (dpy, info, (XRectangle *)NULL);
@@ -461,20 +462,23 @@ XRectangle *XShapeGetRectangles (
*count = rep.nrects;
*ordering = rep.ordering;
rects = NULL;
- if (*count) {
- xrects = (xRectangle *) Xmalloc (*count * sizeof (xRectangle));
- rects = (XRectangle *) Xmalloc (*count * sizeof (XRectangle));
+ if (rep.nrects) {
+ if (rep.nrects < (INT_MAX / sizeof (XRectangle))) {
+ xrects = Xmalloc (rep.nrects * sizeof (xRectangle));
+ rects = Xmalloc (rep.nrects * sizeof (XRectangle));
+ } else {
+ xrects = NULL;
+ rects = NULL;
+ }
if (!xrects || !rects) {
- if (xrects)
- Xfree (xrects);
- if (rects)
- Xfree (rects);
+ Xfree (xrects);
+ Xfree (rects);
_XEatDataWords (dpy, rep.length);
rects = NULL;
*count = 0;
} else {
- _XRead (dpy, (char *) xrects, *count * sizeof (xRectangle));
- for (i = 0; i < *count; i++) {
+ _XRead (dpy, (char *) xrects, rep.nrects * sizeof (xRectangle));
+ for (i = 0; i < rep.nrects; i++) {
rects[i].x = (short) cvtINT16toInt (xrects[i].x);
rects[i].y = (short) cvtINT16toInt (xrects[i].y);
rects[i].width = xrects[i].width;
commit 67ecdcf7e29de9fa78b421122620525ed2c7db88
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 14:40:33 2013 -0800
integer overflow in XeviGetVisualInfo() [CVE-2013-1982 4/6]
If the number of visuals or conflicts reported by the server is large
enough that it overflows when multiplied by the size of the appropriate
struct, then memory corruption can occur when more bytes are read from
the X server than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/XEVI.c b/src/XEVI.c
index 0125c51..5a95583 100644
--- a/src/XEVI.c
+++ b/src/XEVI.c
@@ -30,6 +30,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/Xext.h>
#include <X11/extensions/extutil.h>
#include <X11/Xutil.h>
+#include <limits.h>
#include "eat.h"
static XExtensionInfo *xevi_info;/* needs to move to globals.c */
@@ -165,13 +166,20 @@ Status XeviGetVisualInfo(
return BadAccess;
}
Xfree(temp_visual);
- sz_info = rep.n_info * sizeof(ExtendedVisualInfo);
- sz_xInfo = rep.n_info * sz_xExtendedVisualInfo;
- sz_conflict = rep.n_conflicts * sizeof(VisualID);
- sz_xConflict = rep.n_conflicts * sz_VisualID32;
- infoPtr = *evi_return = (ExtendedVisualInfo *)Xmalloc(sz_info + sz_conflict);
- xInfoPtr = temp_xInfo = (xExtendedVisualInfo *)Xmalloc(sz_xInfo);
- xConflictPtr = temp_conflict = (VisualID32 *)Xmalloc(sz_xConflict);
+ if ((rep.n_info < 65536) && (rep.n_conflicts < 65536)) {
+ sz_info = rep.n_info * sizeof(ExtendedVisualInfo);
+ sz_xInfo = rep.n_info * sz_xExtendedVisualInfo;
+ sz_conflict = rep.n_conflicts * sizeof(VisualID);
+ sz_xConflict = rep.n_conflicts * sz_VisualID32;
+ *evi_return = Xmalloc(sz_info + sz_conflict);
+ temp_xInfo = Xmalloc(sz_xInfo);
+ temp_conflict = Xmalloc(sz_xConflict);
+ } else {
+ sz_xInfo = sz_xConflict = 0;
+ *evi_return = NULL;
+ temp_xInfo = NULL;
+ temp_conflict = NULL;
+ }
if (!*evi_return || !temp_xInfo || !temp_conflict) {
_XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
@@ -188,6 +196,9 @@ Status XeviGetVisualInfo(
_XRead(dpy, (char *)temp_conflict, sz_xConflict);
UnlockDisplay(dpy);
SyncHandle();
+ infoPtr = *evi_return;
+ xInfoPtr = temp_xInfo;
+ xConflictPtr = temp_conflict;
n_data = rep.n_info;
conflict = (VisualID *)(infoPtr + n_data);
while (n_data-- > 0) {
commit 96d1da55a08c4cd52b763cb07bdce5cdcbec4da8
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 14:40:33 2013 -0800
several integer overflows in XdbeGetVisualInfo() [CVE-2013-1982 3/6]
If the number of screens or visuals reported by the server is large enough
that it overflows when multiplied by the size of the appropriate struct,
then memory corruption can occur when more bytes are read from the X server
than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Xdbe.c b/src/Xdbe.c
index 4b5fa18..016886c 100644
--- a/src/Xdbe.c
+++ b/src/Xdbe.c
@@ -39,6 +39,8 @@
#include <X11/extensions/extutil.h>
#include <X11/extensions/Xdbe.h>
#include <X11/extensions/dbeproto.h>
+#include <limits.h>
+#include "eat.h"
static XExtensionInfo _dbe_info_data;
static XExtensionInfo *dbe_info = &_dbe_info_data;
@@ -352,9 +354,12 @@ XdbeScreenVisualInfo *XdbeGetVisualInfo (
*num_screens = rep.m;
/* allocate list of visual information to be returned */
- if (!(scrVisInfo =
- (XdbeScreenVisualInfo *)Xmalloc(
- (unsigned)(*num_screens * sizeof(XdbeScreenVisualInfo))))) {
+ if ((*num_screens > 0) && (*num_screens < 65536))
+ scrVisInfo = Xmalloc(*num_screens * sizeof(XdbeScreenVisualInfo));
+ else
+ scrVisInfo = NULL;
+ if (scrVisInfo == NULL) {
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
@@ -362,25 +367,27 @@ XdbeScreenVisualInfo *XdbeGetVisualInfo (
for (i = 0; i < *num_screens; i++)
{
- int nbytes;
int j;
- long c;
+ unsigned long c;
- _XRead32 (dpy, &c, sizeof(CARD32));
- scrVisInfo[i].count = c;
+ _XRead32 (dpy, (long *) &c, sizeof(CARD32));
- nbytes = scrVisInfo[i].count * sizeof(XdbeVisualInfo);
+ if (c < 65536) {
+ scrVisInfo[i].count = c;
+ scrVisInfo[i].visinfo = Xmalloc(c * sizeof(XdbeVisualInfo));
+ } else
+ scrVisInfo[i].visinfo = NULL;
/* if we can not allocate the list of visual/depth info
* then free the lists that we already allocate as well
* as the visual info list itself
*/
- if (!(scrVisInfo[i].visinfo = (XdbeVisualInfo *)Xmalloc(
- (unsigned)nbytes))) {
+ if (scrVisInfo[i].visinfo == NULL) {
for (j = 0; j < i; j++) {
Xfree ((char *)scrVisInfo[j].visinfo);
}
Xfree ((char *)scrVisInfo);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
commit 082d70b19848059ba78c9d1c315114fb07e8c0ef
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 14:40:33 2013 -0800
integer overflow in XcupStoreColors() [CVE-2013-1982 2/6]
If the computed number of entries is large enough that it overflows when
multiplied by the size of a xColorItem struct, or is treated as negative
when compared to the size of the stack allocated buffer, then memory
corruption can occur when more bytes are read from the X server than the
size of the buffer we allocated to hold them.
The requirement to match the number of colors specified by the caller makes
this much harder to hit than the one in XcupGetReservedColormapEntries()
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Xcup.c b/src/Xcup.c
index 670f356..cdc64c2 100644
--- a/src/Xcup.c
+++ b/src/Xcup.c
@@ -219,24 +219,21 @@ XcupStoreColors(
}
if (_XReply(dpy, (xReply *)&rep, 0, xFalse)) {
- long nbytes;
+ unsigned long nbytes;
xColorItem* rbufp;
xColorItem* cs;
- int nentries = rep.length / 3;
-
- nbytes = nentries * SIZEOF (xColorItem);
+ unsigned int nentries = rep.length / 3;
- if (nentries != ncolors) {
- _XEatDataWords(dpy, rep.length);
- UnlockDisplay (dpy);
- SyncHandle ();
- return False;
- }
+ if ((nentries == ncolors) &&
+ (nentries < (INT_MAX / SIZEOF (xColorItem)))) {
+ nbytes = nentries * SIZEOF (xColorItem);
- if (ncolors > 256)
- rbufp = (xColorItem*) Xmalloc (nbytes);
- else
- rbufp = rbuf;
+ if (ncolors > 256)
+ rbufp = Xmalloc (nbytes);
+ else
+ rbufp = rbuf;
+ } else
+ rbufp = NULL;
if (rbufp == NULL) {
_XEatDataWords(dpy, rep.length);
commit d05f27a6f74cb419ad5a437f2e4690b17e7faee5
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Mar 9 14:40:33 2013 -0800
integer overflow in XcupGetReservedColormapEntries() [CVE-2013-1982 1/6]
If the computed number of entries is large enough that it overflows when
multiplied by the size of a xColorItem struct, or is treated as negative
when compared to the size of the stack allocated buffer, then memory
corruption can occur when more bytes are read from the X server than the
size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Xcup.c b/src/Xcup.c
index 1f1d625..670f356 100644
--- a/src/Xcup.c
+++ b/src/Xcup.c
@@ -36,6 +36,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/cupproto.h>
#include <X11/extensions/Xext.h>
#include <X11/extensions/extutil.h>
+#include <limits.h>
#include "eat.h"
static XExtensionInfo _xcup_info_data;
@@ -134,15 +135,19 @@ XcupGetReservedColormapEntries(
req->xcupReqType = X_XcupGetReservedColormapEntries;
req->screen = screen;
if (_XReply(dpy, (xReply *)&rep, 0, xFalse)) {
- long nbytes;
+ unsigned long nbytes;
xColorItem* rbufp;
- int nentries = rep.length / 3;
+ unsigned int nentries = rep.length / 3;
- nbytes = nentries * SIZEOF (xColorItem);
- if (nentries > TYP_RESERVED_ENTRIES)
- rbufp = (xColorItem*) Xmalloc (nbytes);
- else
- rbufp = rbuf;
+ if (nentries < (INT_MAX / SIZEOF (xColorItem))) {
+ nbytes = nentries * SIZEOF (xColorItem);
+
+ if (nentries > TYP_RESERVED_ENTRIES)
+ rbufp = Xmalloc (nbytes);
+ else
+ rbufp = rbuf;
+ } else
+ rbufp = NULL;
if (rbufp == NULL) {
_XEatDataWords(dpy, rep.length);
commit ca84a813716f9de691dc3f60390d83af4b5ae534
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Apr 13 09:32:12 2013 -0700
Use _XEatDataWords to avoid overflow of rep.length bit shifting
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/COPYING b/COPYING
index 80622a0..e3a63ef 100644
--- a/COPYING
+++ b/COPYING
@@ -160,7 +160,8 @@ makes no representations about the suitability for any purpose
of the information in this document. This documentation is
provided ``as is'' without express or implied warranty.
-Copyright (c) 1999, 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 1999, 2005, 2006, 2013, Oracle and/or its affiliates.
+All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
diff --git a/configure.ac b/configure.ac
index 63775de..fb9888d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,6 +38,12 @@ AC_SUBST(XEXT_SOREV)
# Obtain compiler/linker options for depedencies
PKG_CHECK_MODULES(XEXT, [xproto >= 7.0.13] [x11 >= 1.1.99.1] [xextproto >= 7.1.99])
+# Check for _XEatDataWords function that may be patched into older Xlib releases
+SAVE_LIBS="$LIBS"
+LIBS="$XEXT_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
# Allow checking code with lint, sparse, etc.
XORG_WITH_LINT
XORG_LINT_LIBRARY([Xext])
diff --git a/src/Makefile.am b/src/Makefile.am
index e236c33..b828547 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,6 +12,7 @@ libXext_la_LDFLAGS = -version-number $(XEXT_SOREV) -no-undefined
libXext_la_LIBADD = $(XEXT_LIBS)
libXext_la_SOURCES = \
+ eat.h \
DPMS.c \
MITMisc.c \
XAppgroup.c \
diff --git a/src/XEVI.c b/src/XEVI.c
index eb09daa..0125c51 100644
--- a/src/XEVI.c
+++ b/src/XEVI.c
@@ -30,6 +30,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/Xext.h>
#include <X11/extensions/extutil.h>
#include <X11/Xutil.h>
+#include "eat.h"
+
static XExtensionInfo *xevi_info;/* needs to move to globals.c */
static const char *xevi_extension_name = EVINAME;
#define XeviCheckExtension(dpy,i,val) \
@@ -171,7 +173,7 @@ Status XeviGetVisualInfo(
xInfoPtr = temp_xInfo = (xExtendedVisualInfo *)Xmalloc(sz_xInfo);
xConflictPtr = temp_conflict = (VisualID32 *)Xmalloc(sz_xConflict);
if (!*evi_return || !temp_xInfo || !temp_conflict) {
- _XEatData(dpy, (sz_xInfo + sz_xConflict + 3) & ~3);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
if (evi_return)
diff --git a/src/XMultibuf.c b/src/XMultibuf.c
index 7a746ba..43d56d3 100644
--- a/src/XMultibuf.c
+++ b/src/XMultibuf.c
@@ -34,6 +34,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/multibufproto.h>
#include <X11/extensions/multibuf.h>
+#include "eat.h"
static XExtensionInfo _multibuf_info_data;
static XExtensionInfo *multibuf_info = &_multibuf_info_data;
@@ -408,7 +409,7 @@ Status XmbufGetWindowAttributes (
attr->buffers = (Multibuffer *) Xmalloc((unsigned) nbytes);
nbytes = rep.length << 2;
if (! attr->buffers) {
- _XEatData(dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
return (0);
diff --git a/src/XSecurity.c b/src/XSecurity.c
index f8c7da1..ab17755 100644
--- a/src/XSecurity.c
+++ b/src/XSecurity.c
@@ -33,6 +33,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/securproto.h>
#include <X11/extensions/security.h>
+#include "eat.h"
static XExtensionInfo _Security_info_data;
static XExtensionInfo *Security_info = &_Security_info_data;
@@ -282,7 +283,7 @@ XSecurityGenerateAuthorization(
}
else
{
- _XEatData(dpy, (unsigned long) (rep.dataLength + 3) & ~3);
+ _XEatDataWords(dpy, rep.length);
}
UnlockDisplay (dpy);
diff --git a/src/XShape.c b/src/XShape.c
index 6e8fbae..3987876 100644
--- a/src/XShape.c
+++ b/src/XShape.c
@@ -35,6 +35,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/shape.h>
#include <X11/extensions/shapeproto.h>
+#include "eat.h"
static XExtensionInfo _shape_info_data;
static XExtensionInfo *shape_info = &_shape_info_data;
@@ -468,7 +469,7 @@ XRectangle *XShapeGetRectangles (
Xfree (xrects);
if (rects)
Xfree (rects);
- _XEatData (dpy, *count * sizeof (xRectangle));
+ _XEatDataWords (dpy, rep.length);
rects = NULL;
*count = 0;
} else {
diff --git a/src/XSync.c b/src/XSync.c
index 5775293..3ca1308 100644
--- a/src/XSync.c
+++ b/src/XSync.c
@@ -59,6 +59,7 @@ PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/extutil.h>
#include <X11/extensions/sync.h>
#include <X11/extensions/syncproto.h>
+#include "eat.h"
static XExtensionInfo _sync_info_data;
static XExtensionInfo *sync_info = &_sync_info_data;
@@ -364,7 +365,7 @@ XSyncListSystemCounters(Display *dpy, int *n_counters_return)
{
if (list) Xfree((char *) list);
if (pWireSysCounter) Xfree((char *) pWireSysCounter);
- _XEatData(dpy, (unsigned long) replylen);
+ _XEatDataWords(dpy, rep.length);
list = NULL;
goto bail;
}
diff --git a/src/Xcup.c b/src/Xcup.c
index bb9e90f..1f1d625 100644
--- a/src/Xcup.c
+++ b/src/Xcup.c
@@ -36,6 +36,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/cupproto.h>
#include <X11/extensions/Xext.h>
#include <X11/extensions/extutil.h>
+#include "eat.h"
static XExtensionInfo _xcup_info_data;
static XExtensionInfo *xcup_info = &_xcup_info_data;
@@ -144,7 +145,7 @@ XcupGetReservedColormapEntries(
rbufp = rbuf;
if (rbufp == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -221,7 +222,7 @@ XcupStoreColors(
nbytes = nentries * SIZEOF (xColorItem);
if (nentries != ncolors) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -233,7 +234,7 @@ XcupStoreColors(
rbufp = rbuf;
if (rbufp == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
diff --git a/src/eat.h b/src/eat.h
new file mode 100644
index 0000000..239532b
--- /dev/null
+++ b/src/eat.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE__XEATDATAWORDS
+#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */
+#include <limits.h>
+
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+ if (n >= (ULONG_MAX >> 2))
+ _XIOError(dpy);
+# endif
+ _XEatData (dpy, n << 2);
+}
+#endif
commit 8eee1236041d46a21faba32e0d27c26985267d89
Author: Colin Walters <walters@verbum.org>
Date: Wed Jan 4 17:37:06 2012 -0500
autogen.sh: Implement GNOME Build API
http://people.gnome.org/~walters/docs/build-api.txt
Signed-off-by: Adam Jackson <ajax@redhat.com>
diff --git a/autogen.sh b/autogen.sh
index 904cd67..fc34bd5 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -9,4 +9,6 @@ cd $srcdir
autoreconf -v --install || exit 1
cd $ORIGDIR || exit $?
-$srcdir/configure --enable-maintainer-mode "$@"
+if test -z "$NOCONFIGURE"; then
+ $srcdir/configure "$@"
+fi
commit dbf4b9ec4a8aa97b0c47d58ee158dd3aa8832af5
Author: Adam Jackson <ajax@redhat.com>
Date: Tue Jan 15 14:28:48 2013 -0500
configure: Remove AM_MAINTAINER_MODE
Signed-off-by: Adam Jackson <ajax@redhat.com>
diff --git a/configure.ac b/configure.ac
index 7f81504..63775de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8,7 +8,6 @@ AC_CONFIG_HEADERS([config.h])
# Initialize Automake
AM_INIT_AUTOMAKE([foreign dist-bzip2])
-AM_MAINTAINER_MODE
# Initialize libtool
AC_PROG_LIBTOOL
commit 7081afc98643e3ef8a3ed711183c8fc8fef30cfa
Author: Eric S. Raymond <esr@thyrsus.com>
Date: Thu Aug 23 13:34:16 2012 -0400
Replace presentationm-level requests with .RS/RE.
This will assist translation to DocBook.
Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
diff --git a/man/XShape.man b/man/XShape.man
index 44fedfe..feff37c 100644
--- a/man/XShape.man
+++ b/man/XShape.man
@@ -123,8 +123,7 @@ XRectangle *XShapeGetRectangles (
.fi
.SH STRUCTURES
.nf
-.LP
-.ta 3i
+.ft CW
typedef struct {
int type; /\&* of event */
unsigned long serial; /\&* # of last request processed by server */
@@ -137,38 +136,39 @@ typedef struct {
Time time; /\&* server timestamp when region changed */
Bool shaped; /\&* true if the region exists */
} XShapeEvent;
+.ft
.fi
.SH DESCRIPTION
The \fIX11 Nonrectangular Window Shape Extension\fP adds nonrectangular
windows to the X Window System.
.SH PREDEFINED VALUES
Operations:
-.in +.5i
+.RS
.nf
.ZN ShapeSet
.ZN ShapeUnion
.ZN ShapeIntersect
.ZN ShapeSubtract
.ZN ShapeInvert
-.in -.5i
.fi
+.RE
.sp
Shape Kinds:
-.in +.5i
+.RS
.nf
.ZN ShapeBounding
.ZN ShapeClip
-.in -.5i
.fi
+.RE
.sp
Event defines:
-.in +.5i
+.RS
.nf
.ZN ShapeNotifyMask
.ZN ShapeNotify
-.in -.5i
.fi
+.RE
.SH BUGS
-This manual pages needs a lot more work.
+This manual page needs a lot more work.
.SH SEE ALSO
\fIX11 Nonrectangular Window Shape Extension\fP
commit d618eac132fc9e13bbfb9e58e3375f015db2a179
Author: Eric S. Raymond <esr@thyrsus.com>
Date: Thu Aug 23 13:25:27 2012 -0400
Replace various unsafe presentation-level requests with .RS/.RE and .EX/EE.
These can be translated structurally into DocBook.
diff --git a/man/Xmbuf.man b/man/Xmbuf.man
index 08e85b7..9954d92 100644
--- a/man/Xmbuf.man
+++ b/man/Xmbuf.man
@@ -36,25 +36,32 @@
.ie t \fB\^\\$1\^\fR\\$2
.el \fI\^\\$1\^\fP\\$2
..
+.de EX
+.nf
+.ft CW
+..
+.de EE
+.ft
+.fi
+..
.TH XMBUF __libmansuffix__ __xorgversion__ "X FUNCTIONS"
.SH NAME
XmbufQueryExtension, XmbufGetVersion, XmbufCreateBuffers, XmbufDestroyBuffers, XmbufDisplayBuffers, XmbufGetWindowAttributes, XmbufChangeWindowAttributes, XmbufGetBufferAttributes, XmbufChangeBufferAttributes, XmbufGetScreenInfo, XmbufCreateStereoWindow - X multibuffering functions
.SH SYNTAX
-.nf
-.LP
+.EX
\&#include <X11/extensions/multibuf.h>
-.LP
+
Bool XmbufQueryExtension(
Display *dpy,
Display *dpy,
int *event_base_return,
int *error_base_return);
-.LP
+
Status XmbufGetVersion(
Display *dpy,
int *major_version_return,
int *minor_version_return);
-.LP
+
int XmbufCreateBuffers(
Display *dpy,
Window window,
@@ -62,40 +69,40 @@ int XmbufCreateBuffers(
int update_action,
int update_hint,
Multibuffer *buffers_update);
-.LP
+
void XmbufDestroyBuffers(
Display *dpy,
Window window);
-.LP
+
void XmbufDisplayBuffers(
Display *dpy,
int count,
Multibuffer *buffers,
int min_delay,
int max_delay);
-.LP
+
Status XmbufGetWindowAttributes(
Display *dpy,
Window window,
XmbufWindowAttributes *attributes);
-.LP
+
void XmbufChangeWindowAttributes(
Display *dpy,
Window window,
unsigned long valuemask,
XmbufSetWindowAttributes *attributes);
-.LP
+
Status XmbufGetBufferAttributes(
Display *dpy,
Multibuffer buffer,
XmbufBufferAttributes *attributes);
-.LP
+
void XmbufChangeBufferAttributes(
Display *dpy,
Multibuffer buffer,
unsigned long valuemask,
XmbufSetBufferAttributes *attributes);
-.LP
+
Status XmbufGetScreenInfo(
Display *dpy,
Drawable drawable,
@@ -103,7 +110,7 @@ Status XmbufGetScreenInfo(
XmbufBufferInfo **mono_info_return,
int *nstereo_return,
XmbufBufferInfo **stereo_info_return);
-.LP
+
Window XmbufCreateStereoWindow(
Display *dpy,
Window parent,
@@ -119,29 +126,31 @@ Window XmbufCreateStereoWindow(
XSetWindowAttributes *attributes,
Multibuffer *left_return,
Multibuffer *right_return);
-.fi
+.EE
.SH STRUCTURES
-.nf
-.ta 3i
\fIEvents:\fP
+.EX
typedef struct {
- int type; /\&* of event */
- unsigned long serial; /\&* # of last request processed by server */
- int send_event; /\&* true if this came from a SendEvent request */
- Display *display; /\&* Display the event was read from */
- Multibuffer buffer; /\&* buffer of event */
- int state; /\&* see Clobbered constants above */
+ int type; /\&* of event */
+ unsigned long serial; /\&* # of last request processed by server */
+ int send_event; /\&* true if this came from a SendEvent request */
+ Display *display; /\&* Display the event was read from */
+ Multibuffer buffer; /\&* buffer of event */
+ int state; /\&* see Clobbered constants above */
} XmbufClobberNotifyEvent;
-.LP
+
typedef struct {
- int type; /\&* of event */
- unsigned long serial; /\&* # of last request processed by server */
- int send_event; /\&* true if this came from a SendEvent request */
- Display *display; /\&* Display the event was read from */
- Multibuffer buffer; /\&* buffer of event */
+ int type; /\&* of event */
+ unsigned long serial; /\&* # of last request processed by server */
+ int send_event; /\&* true if this came from a SendEvent request */
+ Display *display; /\&* Display the event was read from */
+ Multibuffer buffer; /\&* buffer of event */
} XmbufUpdateNotifyEvent;
-.LP
+.EE
+
\fIPer-window attributes that can be got:\fP
+
+.EX
typedef struct {
int displayed_index; /\&* which buffer is being displayed */
int update_action; /\&* Undefined, Background, Untouched, Copied */
@@ -150,32 +159,44 @@ typedef struct {
int nbuffers; /\&* Number of buffers */
Multibuffer *buffers; /\&* Buffers */
} XmbufWindowAttributes;
-.LP
+.EE
+
\fIPer-window attributes that can be set:\fP
+
+.EX
typedef struct {
int update_hint; /\&* Frequent, Intermittent, Static */
} XmbufSetWindowAttributes;
-.LP
+.EE
+
\fIPer-buffer attributes that can be got:\fP
+
+.EX
typedef struct {
Window window; /\&* which window this belongs to */
unsigned long event_mask; /\&* events that have been selected */
int buffer_index; /\&* which buffer is this */
int side; /\&* Mono, Left, Right */
} XmbufBufferAttributes;
-.LP
+.EE
+
\fIPer-buffer attributes that can be set:\fP
+
+.EX
typedef struct {
unsigned long event_mask; /\&* events that have been selected */
} XmbufSetBufferAttributes;
Reply to: