authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-05-03 22:48:11 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2013-05-03 23:07:14 -0700
commit73e77eb21d649edc1ce1746739f9358e337b2935 (patch)
treede6d657f0e537deecd8a2173bf5e80aee4594272
parent1af52cb334377611233d7dc156bc1e6f7923756d (diff)
Use _XEatDataWords to avoid overflow of rep.length bit shifting
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--configure.ac6
-rw-r--r--src/Filter.c2
-rw-r--r--src/Xrender.c4
-rw-r--r--src/Xrenderint.h14
4 files changed, 23 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index 19dce7a..7c2496c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -58,6 +58,12 @@ AC_SUBST(RENDER_VERSION)
# Obtain compiler/linker options for depedencies
PKG_CHECK_MODULES(RENDER, x11 renderproto >= $RENDER_VERSION)
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$RENDER_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
AC_CONFIG_FILES([Makefile
src/Makefile
xrender.pc])
diff --git a/src/Filter.c b/src/Filter.c
index 5fe9df9..924b2a3 100644
--- a/src/Filter.c
+++ b/src/Filter.c
@@ -79,7 +79,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
if (!filters)
{
- _XEatData (dpy, (unsigned long) rep.length << 2);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
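Review bot: The allocation whose failure leads to this error path is sized above the hunk, so it is not visible here whether the arithmetic on the server-supplied reply fields is bounded before `filters` is allocated. The same question applies to both hunks in src/Xrender.c: `Xmalloc (rlength)` is visible in XRenderQueryPictIndexValues, but `rlength` is computed outside the hunk, and `nbytes` no longer feeds the drain yet may still be used elsewhere in those functions. If those sizes are still derived by shifting or multiplying reply counts in 32-bit arithmetic, a wrapped value could yield an undersized buffer, so a range check on the counts before allocating would be worth adding in a follow-up. Minor style point: this call drops the space before the parenthesis that the surrounding code and the Xrender.c hunks use, i.e. `_XEatDataWords (dpy, rep.length);`.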
diff --git a/src/Xrender.c b/src/Xrender.c
index 769503a..5c8e5f5 100644
--- a/src/Xrender.c
+++ b/src/Xrender.c
@@ -475,7 +475,7 @@ XRenderQueryFormats (Display *dpy)
{
if (xri) Xfree (xri);
if (xData) Xfree (xData);
- _XEatData (dpy, nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return 0;
@@ -859,7 +859,7 @@ XRenderQueryPictIndexValues(Display *dpy,
values = (XIndexValue *)Xmalloc (rlength);
if (!values)
{
- _XEatData (dpy, nbytes);
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return NULL;
diff --git a/src/Xrenderint.h b/src/Xrenderint.h
index 57b13da..daaa6fe 100644
--- a/src/Xrenderint.h
+++ b/src/Xrenderint.h
@@ -109,4 +109,18 @@ XRenderFindDisplay (Display *dpy);
#define DataInt32(dpy,d,len) Data(dpy,(char *) (d),len)
#endif
+#ifndef HAVE__XEATDATAWORDS
+#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */
+#include <limits.h>
+
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+ if (n >= (ULONG_MAX >> 2))
+ _XIOError(dpy);
+# endif
+ _XEatData (dpy, n << 2);
+}
+#endif
+
#endif /* _XRENDERINT_H_ */
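Review bot: The overflow guard in the fallback `_XEatDataWords` depends on `_XIOError` never returning; if it can return (its definition is not on this page), control falls through to `_XEatData (dpy, n << 2)` with the wrapped length the check was meant to stop. Making the guard self-contained removes that dependency: `if (n >= (ULONG_MAX >> 2)) { _XIOError(dpy); return; }`. A short comment above the function would also help, for example `/* Discard n 4-byte words of reply data; n << 2 must not wrap unsigned long on non-LONG64 builds. */`. The fallback is selected by `HAVE__XEATDATAWORDS`, so this header needs the configure-generated config header included before it; whether that is the case is not visible in the hunk.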