libxrandr: Changes to 'debian-unstable'
ChangeLog | 84 ++++++++++++++++++++++++++++++++++++++++
configure.ac | 2
debian/changelog | 10 ++++
debian/control | 12 ++---
debian/copyright | 2
debian/upstream/signing-key.asc | 64 ++++++++++++++++++++++++++++++
debian/watch | 2
src/XrrConfig.c | 32 +++++++++------
src/XrrCrtc.c | 83 ++++++++++++++++++++++++++++++---------
src/XrrMonitor.c | 25 ++++++++++-
src/XrrOutput.c | 11 +++++
src/XrrProvider.c | 28 +++++++++++--
src/XrrScreen.c | 56 +++++++++++++++++---------
13 files changed, 344 insertions(+), 67 deletions(-)
New commits:
commit b195413968237dc5015c982e738838d087b70c2b
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date: Fri Oct 7 13:42:08 2016 +0200
Bump Standards-Version to 3.9.8, no changes needed.
diff --git a/debian/changelog b/debian/changelog
index 4e08f6d..0fb9c20 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ libxrandr (2:1.5.1-1) UNRELEASED; urgency=medium
- Fixes CVE-2016-7947 and CVE-2016-7948.
* Update d/upstream/signing-key.asc with Matthieu Herrb's key.
* Update a bunch of URLs in packaging to https.
+ * Bump Standards-Version to 3.9.8, no changes needed.
-- Andreas Boll <andreas.boll.dev@gmail.com> Fri, 07 Oct 2016 13:38:27 +0200
diff --git a/debian/control b/debian/control
index 9b97265..510e461 100644
--- a/debian/control
+++ b/debian/control
@@ -17,7 +17,7 @@ Build-Depends:
automake,
libtool,
xutils-dev (>= 1:7.5+4),
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxrandr.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxrandr.git
commit 0d5009c4d391b9aecdf5364d81d7bb103d7dfb08
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date: Fri Oct 7 13:41:45 2016 +0200
Update a bunch of URLs in packaging to https.
diff --git a/debian/changelog b/debian/changelog
index 88b0347..4e08f6d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ libxrandr (2:1.5.1-1) UNRELEASED; urgency=medium
* New upstream release.
- Fixes CVE-2016-7947 and CVE-2016-7948.
* Update d/upstream/signing-key.asc with Matthieu Herrb's key.
+ * Update a bunch of URLs in packaging to https.
-- Andreas Boll <andreas.boll.dev@gmail.com> Fri, 07 Oct 2016 13:38:27 +0200
diff --git a/debian/control b/debian/control
index 3493e47..9b97265 100644
--- a/debian/control
+++ b/debian/control
@@ -18,8 +18,8 @@ Build-Depends:
libtool,
xutils-dev (>= 1:7.5+4),
Standards-Version: 3.9.6
-Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxrandr
-Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxrandr.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxrandr.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-xorg/lib/libxrandr.git
Package: libxrandr2
Section: libs
@@ -35,7 +35,7 @@ Description: X11 RandR extension library
such as resolution, rotation, and reflection.
.
More information about X.Org can be found at:
- <URL:http://www.X.org>
+ <URL:https://www.X.org>
.
This module can be found at
git://anongit.freedesktop.org/git/xorg/lib/libXrandr
@@ -57,7 +57,7 @@ Description: X11 RandR extension library (debug package)
Non-developers likely have little use for this package.
.
More information about X.Org can be found at:
- <URL:http://www.X.org>
+ <URL:https://www.X.org>
.
This module can be found at
git://anongit.freedesktop.org/git/xorg/lib/libXrandr
@@ -85,7 +85,7 @@ Description: X11 RandR extension library (development headers)
libxrandr2. Non-developers likely have little use for this package.
.
More information about X.Org can be found at:
- <URL:http://www.X.org>
+ <URL:https://www.X.org>
.
This module can be found at
git://anongit.freedesktop.org/git/xorg/lib/libXrandr
diff --git a/debian/copyright b/debian/copyright
index 0cb8d6c..674e200 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,5 +1,5 @@
This package was downloaded from
-http://xorg.freedesktop.org/releases/individual/lib/
+https://xorg.freedesktop.org/releases/individual/lib/
Copyright © 2000, Compaq Computer Corporation,
Copyright © 2002, Hewlett Packard, Inc.
diff --git a/debian/watch b/debian/watch
index 673b481..b91c305 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
#git=git://anongit.freedesktop.org/xorg/lib/libXrandr
version=3
opts=pgpsigurlmangle=s/$/.sig/ \
-http://xorg.freedesktop.org/releases/individual/lib/ libXrandr-(.*)\.tar\.gz
+https://xorg.freedesktop.org/releases/individual/lib/ libXrandr-(.*)\.tar\.gz
commit 0d44adf959c9c1370d5e25fabe9374859d78de62
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date: Fri Oct 7 13:39:26 2016 +0200
Update d/upstream/signing-key.asc with Matthieu Herrb's key.
diff --git a/debian/changelog b/debian/changelog
index 9b827b9..88b0347 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ libxrandr (2:1.5.1-1) UNRELEASED; urgency=medium
* New upstream release.
- Fixes CVE-2016-7947 and CVE-2016-7948.
+ * Update d/upstream/signing-key.asc with Matthieu Herrb's key.
-- Andreas Boll <andreas.boll.dev@gmail.com> Fri, 07 Oct 2016 13:38:27 +0200
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
index dfe9054..add0104 100644
--- a/debian/upstream/signing-key.asc
+++ b/debian/upstream/signing-key.asc
@@ -109,3 +109,67 @@ xjRzzOuOtaxMftMlZwRNXm1zh5CTzMOYpXeetPXrLwUOSF5VeN8AK//gGlbjZt1o
iQyTzgz/F98QzHzNrRk8DdK4kxVkpvk=
=G7Eh
-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFeKY50BEADAX0lod3IVceb/IWJn3kTAcO2P7PWlcBiyUDaq5b2kFkliKleZ
+ec4LoCHakQBlkRBMPNwOOxvADNk3tLQjBDpbYr6lQIrN+AxMGkXBhJ82T3bsDvlj
+3Z1wRJ1zVA7eMIktsk0FAoJxV1y7e3sBKcP0eTlXqXvR2djhi+FW+ueJDAJIFSkb
+uFirgwtX5t8nt8jCmIl75KNUKOakoENY3hLWtr16W8fO1JGkEhghI2mXcz664KTd
+MPZp6JH0/8UHTHzmATOCTqNxoDtMTi2l5059Lh/nhmso9moTYqyKmaJP2rnZUr62
+97sRMG4WcxaYfWpPyO3MCmDyGeh4sW0OC06PpED3i9xMzf/kMkMdY4ZIFcLRcPtf
+LIJhw+lc/GE1Rqe961IB5xCgnZezB7ZIL+ZlOAMwKGkq7lLbcZr2QZn84lpABKF0
+AvxECoJ4etmIcdbDVmsw18AhA3u9sr98hS5IXDyeos3Xwz6Abml8aPrhqhkKvo+J
+Kcq9FNYHg0RRlos0TqocjDzGnUjEYrmIopLcwIu2SnsNSJTygZGtqrpT+2sGEqvm
+k6Oyk95QCa580zqldvxe3CG0vrAfPvoG7irllM68TS4JcqqDHTq6eupUv9ZdIzXf
+eyTHa5cytGahgVtUcui1lzqcCBkqwN8TKl+0wCcEnxRasHJy3A2Gp+AG3wARAQAB
+tCJNYXR0aGlldSBIZXJyYiA8bWF0dGhpZXVAaGVycmIuZXU+iQI+BBMBAgAoBQJX
+imOdAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo
++PF1EACldzZPNYaC9H5E9sMn9pMsJTucBYVUy74Aw6MWAiAzRpxb9DmySmC2oEYW
+JJkwDTwv6M0Na0ed6zD79GKtAalORz2GppZpS7uoINClElWoM5TCYph6linyv9Wj
+OTlcbpX0Jqw0tdHNI2UOEjvBP3vW9kVYpEhfnHET8Ncp55j1hzoqxOhGIBE/67zc
+cLAenONAvA3YN3tHTGaOaFv+vuCFRJx9FpKbGHmdUPd3MtLqtaA4EQvDvDEholEI
+eWrjmdXJibSet6Amc5AIdFaQevZiADjjMh8MINw/6OEy9OB4s+z1RzgOrHgLiIZm
+dlP6WrNjXQwl2gmNPhctGaSHM+j2+3gckNGlI4LQYxNtKvI4iv/CoHDYmwgrcrZO
+TwFHfqt0LwqjpsU203Hw609oWYcxLeGZdITBjDz20UcfsmKQDqrBq3P1FuC5GBW3
+5bEa3wAhyE+/WKhJ94bXiHmpKsp50va3bEe17uQcYd8+E8L53aR7XP87qaHx//Mu
++OQa5Wc2d1OFHf1Mi62nbzr7pws/Mf7OSf/tnhRthuwtlfYnsUVo8usUKL/xStqo
+Ul4kc/Q81AlyaZfr7dbxsQWm2q3ksLaMaAxnk0p+kMXVzXZ9GKNOgUOJdbahORs5
+RU2f44xzfNavb63u3McADtaXskl+KHB4uDbGbGESVhm5PULk37QnTWF0dGhpZXUg
+SGVycmIgPG1hdHRoaWV1LmhlcnJiQGxhYXMuZnI+iQI+BBMBAgAoBQJXlJ63AhsD
+BQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoc5PuN9Eo+PKID/wM
+II+2d11clp1X7eZgkxkAHUhI2W3NSesuFnjkkQRKQoVMokDdeSOkBhMJuWoFfbZk
+jYs2VHU9029rDqcoDSqGwo2IffvrXXJ4SjOTjlvXS1lr/H2VdWRbq8ImnDwSsoiD
+dWB3dZyqzf7ABKZ7ccA+NMSs6NxeEN/0+0sTJ386Zp480ByNX0uPqYSq5lX/VEke
+nI8r02u2ZfuykhGkT0sM013VprfYLa+6HvF+QT9KfP220mqRbonaDkYvCxwjCMzd
+rUmvyqw3VsooUpg/W/PmDNeShSuOxebaGnFyGTNvTarElCBdynFD01dqOecOqfY8
+gy+PJ1aF1qjmf+RQD/SZq+gvgyXqyBhJy7zgJnzzNWzDlUIw0ZOLyZxzFR7lRV79
+2mrGgczlQr5rLAgBy2pgwsCmP7nFx50r4ft2juugnQixoOBU/YfhBplM76EROaCc
+MTs5nPEqzJ9p4SNkPcK8AroR2Ka3+f7t+XOoHpx/XhJOBYlPaUmoFkWKr0Y8BWWh
+1nJxyFKrSNbwUgam8ypZzwzbI1vDiX8Ol6NpEeOLwzFNT0pyTdC9UN93M1VIyKWC
+1vaeMogUREKT6SmDjRn3fISktZ0IGVf2AnFMhtgZ46TJO4BZgDdZAjTkZc/lP0yF
+Nl6MpGwnaymmL50ckT77OdlfIcXFwvNPFwWlFPlcyrkCDQRXimOdARAA4otssvZm
+sKg+g0bVyJHhn/YOHLYMih+Xf07xJHyalH0UCGnGdHZwl0B97G950SwQ7yVXtGa9
+CAPe97clE6dPD6jaumQ13BHavXM+ThgjCe8V56ayYcdzqFkxlCx0Uocoa63G0/cE
+TiOqeqhNZs8JY+D7l83jCa4lU/1pLusbkCpCQ7d5/FFLz7QSihzJWp+UTsjbNik5
+spaseEMGFRKUcB3SZ/l1dTgc0wBQ1hlvLX+h4/sG0iUs1pVpo5ORC+bUfWRokl96
+uj5QZz5rY21FaNSP1rB1HKHNkwhxifBCHQMhYGTXvD7GH+JNyF2TdRmo7eBCfAPJ
+aP3mX9t2SkCipdSsUs+Uuyib9MLA71ApW90AGiRm6HtOCxR0c3+qQRNIdFVm8mnM
+hCxXRexf6Z2wZdXXy6uY0LVRgI0o31NPJPk8l2Hnb/kHGxjyUFzEWh65J/eA368d
+4m8uF+Rr7WWlpQjwgWHU12kGThEVFFBFh2gmeIjYZdDDVhCi2mQ6lGSV2Pt7pZYL
+/PPChWLBqrVBkIUQ0GV22nRYvGdaIv2LVPu8PggbPs/wwh35nJ3rUQyJF55CFV5y
+WIWAWXfRYTKG9jkt+ncjZLEBxDO26zzO/MjIVPZxGyYryXEOgr6xp38xbyX9FpjL
+KBaIueLWEyphVjBb1uUpDGx+UDYe9vbJjPUAEQEAAYkCJQQYAQIADwUCV4pjnQIb
+DAUJA8JnAAAKCRBoc5PuN9Eo+D8dEACa60Q3ta6BWyHG0SOgfYGHE15LodACVHNI
+N6Ou+JtmLarMW/AvPclNC25mxZV0ywLbun4CnJ9qYbt/Kx7djn48mrNa0rKN8Q+V
+K5RvQA1kD890yzwu5jH6r5BQ8VBcfsPvsvatgbquzFn+NNiH9U4xRf/9BSY2Zk3G
+yA15xG0T9zoklOMg8MWbeRaJPkDELyaHPWerbO7rebynePENSFPz3o3g+K9WcCM2
+xkEL571SmT4z3Mp/p0pwemWBCP2WoKCnSjAGiiHpCFru3SlZhRIvNJyK5jeS/IU6
+d5qeTBse6TXzp6Q4xkzACIN66P5SG/YY3/ONbfs6wB3lIkvVC9n7jEXjMK1T0fK8
+9DBDjzvAkJcKLLuIljjkMhRWSCED74sn+MlaWm0xMeo276EnaVILNcrHecSr8+eX
+pVXSWEJ1+ErzZladJC+CrqUm0QljPV8Smtmk9MvOLHZ4qL4bI4Hu7MywuGNrLSol
+qO0pAT1AjaYTRuH2MhZ6mJe/EtSl0EHXEkcDteE4jbYj3lwVhA1c/So0CdayImmD
+/0tdqUfekw4va8PpbQ0wroL0XUvf3wl6HOhFhahWSqqb1fVr2slVttkaMb8M4MPt
+Ka2m4qiiuGYivPIAVapSEA4DYc+krVqVXV/yDd3T7XcNtnClVo+rmOn5WiGq24am
+79+hF4bWyw==
+=WW1Z
+-----END PGP PUBLIC KEY BLOCK-----
commit 3a0b5ca3a3af9bae8c203876430a679edaad4f15
Author: Andreas Boll <andreas.boll.dev@gmail.com>
Date: Fri Oct 7 13:39:14 2016 +0200
Bump changelogs
diff --git a/ChangeLog b/ChangeLog
index c43ecd3..46edca6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,87 @@
+commit 54ac1eb5d14636002b018607227c6d52cca0b754
+Author: Matthieu Herrb <matthieu.herrb@laas.fr>
+Date: Tue Oct 4 21:23:23 2016 +0200
+
+ libXrandr 1.5.1
+
+ Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+
+commit a0df3e1c7728205e5c7650b2e6dce684139254a6
+Author: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sun Sep 25 22:21:40 2016 +0200
+
+ Avoid out of boundary accesses on illegal responses
+
+ The responses of the connected X server have to be properly checked
+ to avoid out of boundary accesses that could otherwise be triggered
+ by a malicious server.
+
+ Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+ Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 8ac94020b018105240ea45a87df2603d1eb5808b
+Author: walter harms <wharms@bfs.de>
+Date: Thu Jul 28 19:32:46 2016 +0200
+
+ fix: redundant null check on calling free()
+
+ janitorial patch: remove some unneeded if() before free()
+
+ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+
+commit 4ed36e386b21c1a65d614d5bf2b2c82d1e74ae2e
+Author: walter harms <wharms@bfs.de>
+Date: Thu Jul 28 19:31:10 2016 +0200
+
+ fix: doGetScreenResources() info: redundant null check on calling free()
+
+ janitorial patch: remove some unneeded if() before free()
+
+ Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+
+commit 4437436906cbba5121115e552d564262e8b4c784
+Author: Keith Packard <keithp@keithp.com>
+Date: Tue Dec 16 01:55:30 2014 -0800
+
+ Add monitors, update to version 1.5 (v2)
+
+ v2: [airlied]
+ xrandr was giving the outputs from 0 for each monitor instead of
+ incrementing the pointer.
+ add get_active support.
+
+ Reviewed-by: Dave Airlie <airlied@redhat.com>
+ Signed-off-by: Keith Packard <keithp@keithp.com>
+
+commit 7402eaa0185110a60cf4aae32d7b470c1372b45b
+Author: Keith Packard <keithp@keithp.com>
+Date: Tue Dec 16 17:05:18 2014 -0800
+
+ libXrandr: Clean up compiler warnings
+
+ This removes warnings about shadowing local variables with the same
+ name, and type mismatches with _XRead32.
+
+ Reviewed-by: Dave Airlie <airlied@redhat.com>
+ Signed-off-by: Keith Packard <keithp@keithp.com>
+
+commit bc00b4fb0b52ed2f6f8544fa3b5da9693ee7ed90
+Author: Michael Joost <mehl@michael-joost.de>
+Date: Mon Nov 18 16:11:26 2013 +0100
+
+ Remove fallback for _XEatDataWords, require libX11 1.6 for it
+
+ _XEatDataWords was orignally introduced with the May 2013 security
+ patches, and in order to ease the process of delivering those,
+ fallback versions of _XEatDataWords were included in the X extension
+ library patches so they could be applied to older versions that didn't
+ have libX11 1.6 yet. Now that we're past that hurdle, we can drop
+ the fallbacks and just require libX11 1.6 for building new versions
+ of the extension libraries.
+
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
commit 30a7b506ae2071b8d265ce4eaeed1af60bc7ee7b
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Sep 7 21:50:49 2013 -0700
diff --git a/debian/changelog b/debian/changelog
index e5e4ed8..9b827b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxrandr (2:1.5.1-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+ - Fixes CVE-2016-7947 and CVE-2016-7948.
+
+ -- Andreas Boll <andreas.boll.dev@gmail.com> Fri, 07 Oct 2016 13:38:27 +0200
+
libxrandr (2:1.5.0-1) sid; urgency=medium
* New upstream release.
commit 54ac1eb5d14636002b018607227c6d52cca0b754
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date: Tue Oct 4 21:23:23 2016 +0200
libXrandr 1.5.1
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
diff --git a/configure.ac b/configure.ac
index d0baa08..90621fc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,7 +29,7 @@ AC_PREREQ([2.60])
# digit in the version number to track changes which don't affect the
# protocol, so Xrandr version l.n.m corresponds to protocol version l.n
#
-AC_INIT([libXrandr], [1.5.0],
+AC_INIT([libXrandr], [1.5.1],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXrandr])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
commit a0df3e1c7728205e5c7650b2e6dce684139254a6
Author: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun Sep 25 22:21:40 2016 +0200
Avoid out of boundary accesses on illegal responses
The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
diff --git a/src/XrrConfig.c b/src/XrrConfig.c
index 2f0282b..e68c45a 100644
--- a/src/XrrConfig.c
+++ b/src/XrrConfig.c
@@ -29,6 +29,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy,
rep.rate = 0;
rep.nrateEnts = 0;
}
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytes = (long) rep.length << 2;
+ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ rbytes = sizeof (XRRScreenConfiguration) +
+ (rep.nSizes * sizeof (XRRScreenSize) +
+ rep.nrateEnts * sizeof (int));
- rbytes = sizeof (XRRScreenConfiguration) +
- (rep.nSizes * sizeof (XRRScreenSize) +
- rep.nrateEnts * sizeof (int));
+ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ scp = NULL;
+ }
- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
if (scp == NULL) {
_XEatData (dpy, (unsigned long) nbytes);
return NULL;
diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
index 5ae35c5..6665092 100644
--- a/src/XrrCrtc.c
+++ b/src/XrrCrtc.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nOutput * 4 +
- rep.nPossibleOutput * 4);
+ nbytesRead = (long) (rep.nOutput * 4 +
+ rep.nPossibleOutput * 4);
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
- rbytes = (sizeof (XRRCrtcInfo) +
- rep.nOutput * sizeof (RROutput) +
- rep.nPossibleOutput * sizeof (RROutput));
+ rbytes = (sizeof (XRRCrtcInfo) +
+ rep.nOutput * sizeof (RROutput) +
+ rep.nPossibleOutput * sizeof (RROutput));
+
+ xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xci = NULL;
+ }
- xci = (XRRCrtcInfo *) Xmalloc(rbytes);
if (xci == NULL) {
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
if (!_XReply (dpy, (xReply *) &rep, 0, xFalse))
goto out;
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- /* three channels of CARD16 data */
- nbytesRead = (rep.size * 2 * 3);
+ /* three channels of CARD16 data */
+ nbytesRead = (rep.size * 2 * 3);
- crtc_gamma = XRRAllocGamma (rep.size);
+ crtc_gamma = XRRAllocGamma (rep.size);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ crtc_gamma = NULL;
+ }
if (!crtc_gamma)
{
@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display *dpy,
xRRGetCrtcTransformReq *req;
int major_version, minor_version;
XRRCrtcTransformAttributes *attr;
- char *extra = NULL, *e;
+ char *extra = NULL, *end = NULL, *e;
int p;
*attributes = NULL;
@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display *dpy,
else
{
int extraBytes = rep.length * 4 - CrtcTransformExtra;
- extra = Xmalloc (extraBytes);
+ if (rep.length < INT_MAX / 4 &&
+ rep.length * 4 >= CrtcTransformExtra) {
+ extra = Xmalloc (extraBytes);
+ end = extra + extraBytes;
+ } else
+ extra = NULL;
if (!extra) {
- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ if (rep.length > (CrtcTransformExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -429,22 +458,38 @@ XRRGetCrtcTransform (Display *dpy,
e = extra;
+ if (e + rep.pendingNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter);
attr->pendingFilter[rep.pendingNbytesFilter] = '\0';
e += (rep.pendingNbytesFilter + 3) & ~3;
for (p = 0; p < rep.pendingNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->pendingParams[p] = (XFixed) f;
}
attr->pendingNparams = rep.pendingNparamsFilter;
+ if (e + rep.currentNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->currentFilter, e, rep.currentNbytesFilter);
attr->currentFilter[rep.currentNbytesFilter] = '\0';
e += (rep.currentNbytesFilter + 3) & ~3;
for (p = 0; p < rep.currentNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->currentParams[p] = (XFixed) f;
diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c
index a9eaa7b..adc5330 100644
--- a/src/XrrMonitor.c
+++ b/src/XrrMonitor.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -65,6 +66,15 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
return NULL;
}
+ if (rep.length > INT_MAX >> 2 ||
+ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) ||
+ rep.noutputs > INT_MAX / 4 ||
+ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) {
+ _XEatData (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = (long) rep.length << 2;
nmon = rep.nmonitors;
noutput = rep.noutputs;
@@ -111,6 +121,14 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
mon[m].outputs = output;
buf += SIZEOF (xRRMonitorInfo);
xoutput = (CARD32 *) buf;
+ if (xmon->noutput > rep.noutputs) {
+ Xfree(buf);
+ Xfree(mon);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.noutputs -= xmon->noutput;
for (o = 0; o < xmon->noutput; o++)
output[o] = xoutput[o];
output += xmon->noutput;
diff --git a/src/XrrOutput.c b/src/XrrOutput.c
index 85f0b6e..30f3d40 100644
--- a/src/XrrOutput.c
+++ b/src/XrrOutput.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -60,6 +61,16 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output)
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2))
+ {
+ if (rep.length > (OutputInfoExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = ((long) (rep.length) << 2) - OutputInfoExtra;
nbytesRead = (long) (rep.nCrtcs * 4 +
diff --git a/src/XrrProvider.c b/src/XrrProvider.c
index 9e620c7..d796cd0 100644
--- a/src/XrrProvider.c
+++ b/src/XrrProvider.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -59,12 +60,20 @@ XRRGetProviderResources(Display *dpy, Window window)
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nProviders * 4);
+ nbytesRead = (long) (rep.nProviders * 4);
- rbytes = (sizeof(XRRProviderResources) + rep.nProviders * sizeof(RRProvider));
- xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ rbytes = (sizeof(XRRProviderResources) + rep.nProviders *
+ sizeof(RRProvider));
+ xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrpr = NULL;
+ }
if (xrpr == NULL) {
_XEatDataWords (dpy, rep.length);
@@ -121,6 +130,17 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
+ {
+ if (rep.length < ProviderInfoExtra >> 2)
+ _XEatDataWords (dpy, rep.length);
+ else
+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+
nbytes = ((long) rep.length << 2) - ProviderInfoExtra;
nbytesRead = (long)(rep.nCrtcs * 4 +
diff --git a/src/XrrScreen.c b/src/XrrScreen.c
index b8ce7e5..1f7ffe6 100644
--- a/src/XrrScreen.c
+++ b/src/XrrScreen.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -105,27 +106,36 @@ doGetScreenResources (Display *dpy, Window window, int poll)
xrri->has_rates = _XRRHasRates (xrri->minor_version, xrri->major_version);
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nCrtcs * 4 +
- rep.nOutputs * 4 +
- rep.nModes * SIZEOF (xRRModeInfo) +
- ((rep.nbytesNames + 3) & ~3));
+ nbytesRead = (long) (rep.nCrtcs * 4 +
+ rep.nOutputs * 4 +
+ rep.nModes * SIZEOF (xRRModeInfo) +
+ ((rep.nbytesNames + 3) & ~3));
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
+
+ rbytes = (sizeof (XRRScreenResources) +
+ rep.nCrtcs * sizeof (RRCrtc) +
+ rep.nOutputs * sizeof (RROutput) +
+ rep.nModes * sizeof (XRRModeInfo) +
+ rep.nbytesNames + rep.nModes); /* '\0' terminate names */
- rbytes = (sizeof (XRRScreenResources) +
- rep.nCrtcs * sizeof (RRCrtc) +
- rep.nOutputs * sizeof (RROutput) +
- rep.nModes * sizeof (XRRModeInfo) +
- rep.nbytesNames + rep.nModes); /* '\0' terminate names */
+ xrsr = (XRRScreenResources *) Xmalloc(rbytes);
+ wire_names = (char *) Xmalloc (rep.nbytesNames);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrsr = NULL;
+ wire_names = NULL;
+ }
- xrsr = (XRRScreenResources *) Xmalloc(rbytes);
- wire_names = (char *) Xmalloc (rep.nbytesNames);
if (xrsr == NULL || wire_names == NULL) {
Xfree (xrsr);
Xfree (wire_names);
@@ -174,6 +184,14 @@ doGetScreenResources (Display *dpy, Window window, int poll)
wire_name = wire_names;
for (i = 0; i < rep.nModes; i++) {
xrsr->modes[i].name = names;
+ if (xrsr->modes[i].nameLength > rep.nbytesNames) {
+ Xfree (xrsr);
+ Xfree (wire_names);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.nbytesNames -= xrsr->modes[i].nameLength;
memcpy (names, wire_name, xrsr->modes[i].nameLength);
names[xrsr->modes[i].nameLength] = '\0';
names += xrsr->modes[i].nameLength + 1;
commit 8ac94020b018105240ea45a87df2603d1eb5808b
Author: walter harms <wharms@bfs.de>
Date: Thu Jul 28 19:32:46 2016 +0200
fix: redundant null check on calling free()
janitorial patch: remove some unneeded if() before free()
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c
index 71d3943..a9eaa7b 100644
--- a/src/XrrMonitor.c
+++ b/src/XrrMonitor.c
@@ -84,8 +84,8 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
mon = Xmalloc (rbytes);
if (buf == NULL || mon == NULL) {
- if (buf != NULL) Xfree(buf);
- if (mon != NULL) Xfree(mon);
+ Xfree(buf);
+ Xfree(mon);
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
@@ -194,7 +194,6 @@ XRRAllocateMonitor(Display *dpy, int noutput)
void
XRRFreeMonitors(XRRMonitorInfo *monitors)
{
- if (monitors)
- Xfree(monitors);
+ Xfree(monitors);
}
commit 4ed36e386b21c1a65d614d5bf2b2c82d1e74ae2e
Author: walter harms <wharms@bfs.de>
Date: Thu Jul 28 19:31:10 2016 +0200
fix: doGetScreenResources() info: redundant null check on calling free()
janitorial patch: remove some unneeded if() before free()
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
diff --git a/src/XrrScreen.c b/src/XrrScreen.c
index f29071c..b8ce7e5 100644
--- a/src/XrrScreen.c
+++ b/src/XrrScreen.c
@@ -127,8 +127,8 @@ doGetScreenResources (Display *dpy, Window window, int poll)
xrsr = (XRRScreenResources *) Xmalloc(rbytes);
wire_names = (char *) Xmalloc (rep.nbytesNames);
if (xrsr == NULL || wire_names == NULL) {
- if (xrsr) Xfree (xrsr);
- if (wire_names) Xfree (wire_names);
+ Xfree (xrsr);
+ Xfree (wire_names);
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
Reply to: