| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
While runnig some X11 applications on an Arm Morello platform I noticed
bus errors inside xrender. XRenderInfo uses a single malloc call to
allocate multiple objects in one single allocation and places those objects
directly after the XRenderInfo object. However, these calculations do not
ensure that this objects are sufficiently aligned. I noticed this because
on Morello (and other CHERI-enabled architectures) pointers need to be
strongly aligned. Instead of allocating a single block with potentially
misaligned subsequent objects, this change uses seprate allocations for
the four arrays.
This is an alternative to https://gitlab.freedesktop.org/xorg/lib/libxrender/-/merge_requests/12
Signed-off-by: Alex Richardson <arichardson@FreeBSD.org>
|
|
AC_PROG_LIBTOOL was replaced by LT_INIT in libtool 2 in 2008,
so it's time to rely on it.
Clears autoconf warnings:
configure.ac:45: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
configure.ac:45: You should run autoupdate.
aclocal.m4:3465: AC_PROG_LIBTOOL is expanded from...
configure.ac:45: the top level
libtoolize: Consider adding 'AC_CONFIG_MACRO_DIRS([m4])' to configure.ac,
libtoolize: and rerunning libtoolize and aclocal.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
Xrender.c: In function ‘XRenderQueryFormats’:
Xrender.c:406:19: warning: declaration of ‘xDepth’ shadows a global declaration [-Wshadow]
xPictDepth *xDepth;
^~~~~~
In file included from /net/also.us.oracle.com/export/alanc/X.Org/amd64-gcc/install/usr/X11R7/include/X11/Xlibint.h:43:0,
from Xrenderint.h:31,
from Xrender.c:28:
/net/also.us.oracle.com/export/alanc/X.Org/amd64-gcc/install/usr/X11R7/include/X11/Xproto.h:329:7: note: shadowed declaration is here
} xDepth;
^~~~~~
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
These are not needed in C89 and later
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Rationale: I don't have enough expertise to judge on how the tessellation
algorithm is broken in XRenderComputeTrapezoids but I do trust Keith Packard
that it is. However using cairo for proper tessellation, as he suggests, is
too heavyweight, and here I propose to alter the code to at least do not cause
coredumps.
Even if/when the function will be marked as obsolete, I believe it is pretty
much capable of rendering relatively simple shapes, and still retains some
value.
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Found by using:
codespell --builtin clear,rare,usage,informal,code,names
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Robin Linden <dev@robinlinden.eu>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Mihail Konev <k.mvc@ya.ru>
|
|
Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
fall-outs, when they contain space.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Syncs the invocation of configure with the one from the server.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
|
|
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
|
|
Individual lengths inside received server data can overflow
the previously reserved memory.
It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.
v2: consume remaining bytes in the reply buffer on error.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb@laas.fr
|
|
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.
The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.
v2: consume remaining bytes in reply buffer on error.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
Before this patch, it wasn't mentioned in this file at all, which
is a monumental oversight.
Signed-off-by: Lauri Kasanen <cand@gmx.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Request length calculation inside XRenderCompositeText32 is broken for
the case where the number of glyphs fits exactky inside the last
xGlyphElt.
In XRenderCompositeText8 and XRenderCompositeText16 this case is
handled properly, somehow the "-1" got missing in
XRenderCompositeText32.
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
_XEatDataWords was orignally introduced with the May 2013 security
patches, and in order to ease the process of delivering those,
fallback versions of _XEatDataWords were included in the X extension
library patches so they could be applied to older versions that didn't
have libX11 1.6 yet. Now that we're past that hurdle, we can drop
the fallbacks and just require libX11 1.6 for building new versions
of the extension libraries.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
The length and numIndexValues members of the reply are both CARD32 and
need to be bounds checked before multiplying by sizeof (XIndexValue) to
avoid integer overflow leading to underallocation and writing data from
the network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
The length, numFormats, numScreens, numDepths, and numVisuals members of
the reply are all CARD32 and need to be bounds checked before multiplying
and adding them together to come up with the total size to allocate, to
avoid integer overflow leading to underallocation and writing data from
the network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
The length, numFilters & numAliases members of the reply are all CARD32
and need to be bounds checked before multiplying & adding them together
to come up with the total size to allocate, to avoid integer overflow
leading to underallocation and writing data from the network past the
end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
http://people.gnome.org/~walters/docs/build-api.txt
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Due to C arithmetic conversion rules we must use an unsigned constant (or a
cast) to perform the multiplication using unsigned arithmetic.
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Clears Sun compiler warning:
"Xrender.c", line 127: warning: integer overflow detected: op "<<"
since 1 << 31 overflows a signed 32-bit int.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Group statements per section as per Autoconf standard layout
Quote statements where appropriate.
Autoconf recommends not using dnl instead of # for comments
Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters.
Add AC_CONFIG_SRCDIR([Makefile.am])
Remove redundant AC_SUBST(*_CFLAGS) and/or *_LIBS
Update minimum version of util-macros to at least 1.8.
No functional configuration changes
This helps automated maintenance and release activities.
Details can be found in http://wiki.x.org/wiki/NewModuleGuidelines
|
|
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
XORG_STRICT_OPTION from XORG_DEFAULT_OPTIONS calls
AC_PROG_C_C99. This sets gcc with -std=gnu99.
If AC_PROG_CC macro is called afterwards, it resets CC to gcc.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
|
|
Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br>
Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
