summaryrefslogtreecommitdiff
path: root/dbe
AgeCommit message (Collapse)AuthorFilesLines
2015-04-21Convert top level extensions to new *allocarray functionsAlan Coopersmith2-9/+7
v2: remove now useless parentheses Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matt Turner <mattst88@gmail.com>
2014-12-09dbe: Call to DDX SwapBuffers requires address of int, not unsigned int ↵Keith Packard1-2/+4
[CVE-2014-8097 pt. 2] When the local types used to walk the DBE request were changed, this changed the type of the parameter passed to the DDX SwapBuffers API, but there wasn't a matching change in the API definition. At this point, with the API frozen, I just stuck a new variable in with the correct type. Because we've already bounds-checked nStuff to be smaller than UINT32_MAX / sizeof(DbeSwapInfoRec), we know it will fit in a signed int without overflow. Signed-off-by: Keith Packard <keithp@keithp.com Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2014-12-08dbe: unvalidated lengths in DbeSwapBuffers calls [CVE-2014-8097]Alan Coopersmith1-3/+8
ProcDbeSwapBuffers() has a 32bit (n) length value that it uses to read from a buffer. The length is never validated, which can lead to out of bound reads, and possibly returning the data read from out of bounds to the misbehaving client via an X Error packet. SProcDbeSwapBuffers() swaps data (for correct endianness) before handing it off to the real proc. While doing the swapping, the length field is not validated, which can cause memory corruption. v2: reorder checks to avoid compilers optimizing out checks for overflow that happen after we'd already have done the overflowing multiplications. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2014-11-12Drop trailing whitespacesPeter Hutterer4-25/+25
sed -i "s/[ ]\+$//g" **/*.(c|h) happy reviewing... git diff -w is an empty diff. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2014-01-12Replace 'pointer' type with 'void *'Keith Packard2-8/+8
This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer' is used throughout the X server for other things, and having duplicate names generates compiler warnings. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Eric Anholt <eric@anholt.net>
2013-09-10dbe: Fold the window private private into the window privateAdam Jackson5-142/+54
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Adam Jackson <ajax@redhat.com>
2013-09-10dbe: Fold midbe reset into dixAdam Jackson3-33/+1
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Adam Jackson <ajax@redhat.com>
2013-09-10dbe: Drop the unused idiom supportAdam Jackson3-74/+2
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Adam Jackson <ajax@redhat.com>
2012-07-09Move extension initialisation prototypes into extinit.hDaniel Stone2-2/+1
Create extinit.h (and xf86Extensions.h, for Xorg-specific extensions) to hold all our extension initialisation prototypes, rather than duplicating them everywhere. Signed-off-by: Daniel Stone <daniel@fooishbar.org> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Keith Packard <keithp@keithp.com>
2012-07-09Use C99 designated initializers in various extension RepliesAlan Coopersmith1-16/+18
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org>
2012-07-09Remove unneccesary casts from WriteToClient callsAlan Coopersmith1-7/+5
Casting return to (void) was used to tell lint that you intended to ignore the return value, so it didn't warn you about it. Casting the third argument to (char *) was used as the most generic pointer type in the days before compilers supported C89 (void *) (except for a couple places it's used for byte-sized pointer math). Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org>
2012-03-21Indentation: Change '& stuff' to '&stuff'Daniel Stone1-1/+1
If the typedef wasn't perfect, indent would get confused and change: foo = (SomePointlessTypedef *) &stuff[1]; to: foo = (SomePointlessTypedef *) & stuff[1]; Fix this up with a really naïve sed script, plus some hand-editing to change some false positives in XKB back. Signed-off-by: Daniel Stone <daniel@fooishbar.org>
2012-03-21Introduce a consistent coding styleKeith Packard5-848/+659
This is strictly the application of the script 'x-indent-all.sh' from util/modular. Compared to the patch that Daniel posted in January, I've added a few indent flags: -bap -psl -T PrivatePtr -T pmWait -T _XFUNCPROTOBEGIN -T _XFUNCPROTOEND -T _X_EXPORT The typedefs were needed to make the output of sdksyms.sh match the previous output, otherwise, the code is formatted badly enough that sdksyms.sh generates incorrect output. The generated code was compared with the previous version and found to be essentially identical -- "assert" line numbers and BUILD_TIME were the only differences found. The comparison was done with this script: dir1=$1 dir2=$2 for dir in $dir1 $dir2; do (cd $dir && find . -name '*.o' | while read file; do dir=`dirname $file` base=`basename $file .o` dump=$dir/$base.dump objdump -d $file > $dump done) done find $dir1 -name '*.dump' | while read dump; do otherdump=`echo $dump | sed "s;$dir1;$dir2;"` diff -u $dump $otherdump done Signed-off-by: Keith Packard <keithp@keithp.com> Acked-by: Daniel Stone <daniel@fooishbar.org> Acked-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-09-23Unconditionally #include <stdint.h>Alan Coopersmith1-5/+0
The more recent inclusions of this file haven't been checking for HAVE_STDINT_H, so might as well make the older ones consistent. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2011-09-21Use internal temp variable for swap macrosMatt Turner1-37/+26
Also, fix whitespace, mainly around swaps(&rep.sequenceNumber) Reviewed-by: Peter Harris <pharris@opentext.com> Signed-off-by: Matt Turner <mattst88@gmail.com>
2011-05-02Clean up memory better when GetVisualInfo fails in ProcDbeGetVisualInfoAlan Coopersmith1-14/+11
Use calloc to initialize pScrVisInfo array so we don't have to check which ones were already initialized when freeing them all. On failure, set rc if necessary, and jump to code at end that already frees all the necessary allocations and return rc. Fixes parfait reported error: Error: Memory leak (CWE 401) Memory leak of pointer 'pScrVisInfo' allocated with malloc((count * 16)) at line 724 of dbe/dbe.c in function 'ProcDbeGetVisualInfo'. 'pScrVisInfo' allocated at line 693 with malloc((count * 16)). pScrVisInfo leaks when rc != 0 at line 710 and j >= i at line 716. [ This bug was found by the Parfait 0.3.7 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2010-07-02miDbe window priv priv is pre-allocated, don't use dixSetPrivate (bug 28639)Keith Packard1-6/+0
miDbeInit pre-allocates space in each DBE window private private for a MiDbeWindowPrivPrivRec. miDbeAllocBackBufferName used the pre-allocated space correctly (simply fetching it instead of allocating a new piece of memory). However, it then called dixSetPrivate anyways, which isn't necessary, and (in the new dixPrivate world) causes an assert failure. Signed-off-by: Keith Packard <keithp@keithp.com> Tested-by: Magnus Kessler <Magnus.Kessler@gmx.net> Reviewed-by: Magnus Kessler <Magnus.Kessler@gmx.net>
2010-07-02Delete unused miDbe screen private private datatypeKeith Packard1-16/+0
MiDbeScreenPrivPrivRec is not used in the server. Remove it, along with the MI_DBE_SCREEN_PRIV_PRIV macro that tried to use it. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Magnus.Kessler <Magnus.Kessler@gmx.net>
2010-06-10Remove unnecessary parentheses around return values in functionsMikhail Gusarov2-43/+43
This patch was generated by the following Perl code: perl -i -pe 's/([^_])return\s*\(\s*([^(]+?)\s*\)s*;(\s+(\n))?/$1return $2;$4/g;' Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net> Reviewed-by: Jamey Sharp <jamey@minilop.net> Reviewed-by: Daniel Stone <daniel@fooishbar.org> Signed-off-by: Keith Packard <keithp@keithp.com>
2010-06-06Remove more superfluous if(p) checks around free(p)Mikhail Gusarov1-12/+3
This patch has been generated by the following Coccinelle semantic patch: @@ expression E; @@ -if(E) { free(E); } +free(E); Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Fernando Carrijo <fcarrijo@yahoo.com.br> Reviewed-by: Matt Turner <mattst88@gmail.com>
2010-06-05Change the devPrivates API to require dixRegisterPrivateKeyKeith Packard4-45/+29
This patch only changes the API, not the implementation of the devPrivates infrastructure. This will permit a new devPrivates implementation to be layed into the server without requiring simultaneous changes in every devPrivates user. Signed-off-by: Keith Packard <keithp@keithp.com> Tested-by: Tiago Vignatti <tiago.vignatti@nokia.com>
2010-06-05Remove dixRegisterPrivateOffset; hard-code devPrivates offsets insteadKeith Packard1-4/+0
For predefined resource types, the offset of the devPrivates field was already kept in a constant table. The only non-predefined type needing this treatment was dbeDrawableResType, which is just a magic alias for RT_PIXMAP. This patch special-cases looking up RC_DRAWABLE offsets and uses the table directly for everything else. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2010-06-02Fix pixmap validation in miDbePositionWindow.Aaron Plattner1-6/+14
miDbePositionWindow allocates two pixmaps: a front buffer, and a back buffer. If the buffers are supposed to be initialized, it validates a GC against the front buffer, then uses it to fill and/or copy both the front buffer *and* the back buffer, without revalidating. If the acceleration architecture needs different GC funcs for the two pixmaps -- for example if allocation of the front buffer exhausted video memory -- then this can cause crashes because the GC is not validated for the back buffer pixmap. Fix this by performing the rendering for the front buffer first, then revalidating against the back buffer before performing the back buffer rendering. Signed-off-by: Aaron Plattner <aplattner@nvidia.com> Reviewed-by: Jamey Sharp <jamey@minilop.net> Signed-off-by: Keith Packard <keithp@keithp.com>
2010-05-19Add typed resource-lookup errors for non-core resource types.Jamey Sharp1-2/+4
Signed-off-by: Jamey Sharp <jamey@minilop.net> Reviewed-by: Adam Jackson <ajax@redhat.com>
2010-05-15Remove dbe screen private privates.Keith Packard2-7/+1
Each DBE Screen private structure could have nested privates. Oddly, no code ever used them. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2010-05-13Eliminate boilerplate around client->noClientException.Jamey Sharp1-3/+3
Just let Dispatch() check for a noClientException, rather than making every single dispatch procedure take care of it. Signed-off-by: Jamey Sharp <jamey@minilop.net> Reviewed-by: Daniel Stone <daniel@fooishbar.org>
2010-05-13Replace dixChangeGC with calls directly to the right variant.Jamey Sharp1-1/+1
Signed-off-by: Jamey Sharp <jamey@minilop.net> Reviewed-by: Keith Packard <keithp@keithp.com>
2010-05-12Kill DoChangeGC in favor of dixChangeGC.Jamey Sharp1-14/+8
This doesn't change any behavior, but it isn't clear whether NullClient is correct in all cases. As ajax says, > For most of these changes, I think it's correct to use NullClient, > since they are server-initiated changes and should not fail for (eg) > xace reasons. ... At any rate, you're certainly not changing any > semantics by leaving them all as NullClient, so this patch can't be > more wrong than before. Signed-off-by: Jamey Sharp <jamey@minilop.net> Reviewed-by: Keith Packard <keithp@keithp.com>
2010-05-13Replace X-allocation functions with their C89 counterpartsMikhail Gusarov2-27/+27
The only remaining X-functions used in server are XNF*, the rest is converted to plain alloc/calloc/realloc/free/strdup. X* functions are still exported from server and x* macros are still defined in header file, so both ABI and API are not affected by this change. Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2009-12-18Add type name argument to CreateNewResourceTypeAlan Coopersmith1-5/+2
Convert all calls of CreateNewResourceType to pass name argument Breaks DIX ABI. ABI versions bumped: Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com> Reviewed-by: Keith Packard <keithp@keithp.com> Signed-off-by: Keith Packard <keithp@keithp.com>
2009-12-18Ensure all resource types created have names registeredAlan Coopersmith1-0/+3
Calls RegisterResourceName to record the type name for use by X-Resource, XACE/SELinux/XTsol, and DTrace. Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com> Reviewed-by: Keith Packard <keithp@keithp.com>
2009-12-18Check for failures from CreateNewResourceTypeAlan Coopersmith1-1/+8
Make sure to check return value before setting bitmask flags. For most calls, just fails to init the extension. Since Xinput already calls FatalError() on initialization failure, so does failure to allocate Xinput's resource type. Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com> Reviewed-by: Keith Packard <keithp@keithp.com>
2009-07-17dbe: Fix indentationAdam Jackson1-5/+5
2009-07-17dbe: Adapt to new headersAdam Jackson1-1/+15
2009-07-14dbe: switch to byte counting functionsPeter Hutterer1-1/+1
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2009-04-29Fix most remaining deprecated resource lookups.Eamon Walsh1-14/+19
Callsites updated to use dixLookupResourceBy{Type,Class}. TODO: Audit access modes to make sure they reflect the usage.
2008-12-12Remove #define NEED_EVENTS and NEED_REPLIESPeter Hutterer2-3/+0
A grep on xorg/* revealed there's no consumer of this define. Quote Alan Coopersmith: "The consumer was in past versions of the headers now located in proto/x11proto - for instance, in X11R6.0's xc/include/Xproto.h, all the event definitions were only available if NEED_EVENTS were defined, and all the reply definitions required NEED_REPLIES. Looks like Xproto.h dropped them by X11R6.3, which didn't have the #ifdef's anymore, so these are truly ancient now." Signed-off-by: Peter Hutterer <peter.hutterer@redhat.com> Signed-off-by: Adam Jackson <ajax@redhat.com>
2008-12-03Rework symbol visibility for easier maintenancePaulo Cesar Pereira de Andrade2-2/+2
Save in a few special cases, _X_EXPORT should not be used in C source files. Instead, it should be used in headers, and the proper C source include that header. Some special cases are symbols that need to be shared between modules, but not expected to be used by external drivers, and symbols that are accessible via LoaderSymbol/dlopen. This patch also adds conditionally some new sdk header files, depending on extensions enabled. These files were added to match pattern for other extensions/modules, that is, have the headers "deciding" symbol visibility in the sdk. These headers are: o Xext/panoramiXsrv.h, Xext/panoramiX.h o fbpict.h (unconditionally) o vidmodeproc.h o mioverlay.h (unconditionally, used only by xaa) o xfixes.h (unconditionally, symbols required by dri2) LoaderSymbol and similar functions now don't have different prototypes, in loaderProcs.h and xf86Module.h, so that both headers can be included, without the need of defining IN_LOADER. xf86NewInputDevice() device prototype readded to xf86Xinput.h, but not exported (and with a comment about it).
2008-11-29Export symbols defined in the sdk.Paulo Cesar Pereira de Andrade1-1/+1
This is the biggest "visibility" patch. Instead of doing a "export" symbol on demand, export everything in the sdk, so that if some module fails due to an unresolved symbol, it is because it is using a symbol not in the sdk. Most exported symbols shouldn't really be made visible, neither advertised in the sdk, as they are only used by a single shared object. Symbols in the sdk (or referenced in sdk macros), but not defined anywhere include: XkbBuildCoreState() XkbInitialMap XkbXIUnsupported XkbCheckActionVMods() XkbSendCompatNotify() XkbDDXFakePointerButton() XkbDDXApplyConfig() _XkbStrCaseCmp() _XkbErrMessages[] _XkbErrCode _XkbErrLocation _XkbErrData XkbAccessXDetailText() XkbNKNDetailMaskText() XkbLookupGroupAndLevel() XkbInitAtoms() XkbGetOrderedDrawables() XkbFreeOrderedDrawables() XkbConvertXkbComponents() XkbWriteXKBSemantics() XkbWriteXKBLayout() XkbWriteXKBKeymap() XkbWriteXKBFile() XkbWriteCFile() XkbWriteXKMFile() XkbWriteToServer() XkbMergeFile() XkmFindTOCEntry() XkmReadFileSection() XkmReadFileSectionName() InitExtInput() xf86CheckButton() xf86SwitchCoreDevice() RamDacSetGamma() RamDacRestoreDACValues() xf86Bpp xf86ConfigPix24 xf86MouseCflags[] xf86SupportedMouseTypes[] xf86NumMouseTypes xf86ChangeBusIndex() xf86EntityEnter() xf86EntityLeave() xf86WrapperInit() xf86RingBell() xf86findOptionBoolean() xf86debugListOptions() LoadSubModuleLocal() LoaderSymbolLocal() getInt10Rec() xf86CurrentScreen xf86ReallocatePciResources() xf86NewSerialNumber() xf86RandRSetInitialMode() fbCompositeSolidMask_nx1xn fbCompositeSolidMask_nx8888x0565C fbCompositeSolidMask_nx8888x8888C fbCompositeSolidMask_nx8x0565 fbCompositeSolidMask_nx8x0888 fbCompositeSolidMask_nx8x8888 fbCompositeSrc_0565x0565 fbCompositeSrc_8888x0565 fbCompositeSrc_8888x0888 fbCompositeSrc_8888x8888 fbCompositeSrcAdd_1000x1000 fbCompositeSrcAdd_8000x8000 fbCompositeSrcAdd_8888x8888 fbGeneration fbIn fbOver fbOver24 fbOverlayGeneration fbRasterizeEdges fbRestoreAreas fbSaveAreas composeFunctions VBEBuildVbeModeList() VBECalcVbeModeIndex() TIramdac3030CalculateMNPForClock() shadowBufPtr shadowFindBuf() miRRGetScreenInfo() RRSetScreenConfig() RRModePruneUnused() PixmanImageFromPicture() extern int miPointerGetMotionEvents() miClipPicture() miRasterizeTriangle() fbPush1toN() fbInitializeBackingStore() ddxBeforeReset() SetupSprite() InitSprite() DGADeliverEvent() SPECIAL CASES o defined as _X_INTERNAL xf86NewInputDevice() o defined as static fbGCPrivateKey fbOverlayScreenPrivateKey fbScreenPrivateKey fbWinPrivateKey o defined in libXfont.so, but declared in xorg/dixfont.h GetGlyphs() QueryGlyphExtents() QueryTextExtents() ParseGlyphCachingMode() InitGlyphCaching() SetGlyphCachingMode()
2008-11-25Dead code cleanup over DBE.Adam Jackson2-81/+3
No DDXes have explicit DBE support anymore, so the init registration table never got used. Just nuke it all.
2008-10-06xalloc+bzero -> xcallocAdam Jackson1-2/+1
2008-08-28Prepare for array-index based devPrivates.Tomas Carnecky2-5/+10
TODO: static indices can be made just an int; some indices can be combined.
2008-06-12dbe: fix DoS reported by iDefense.Dave Airlie1-26/+27
This isn't a security problem just a user could DoS themselves for fun or profit.
2007-11-20Revert "registry: Register DBE extension protocol names."Eamon Walsh1-21/+0
This reverts commit 2e1e5be1d9067816525aa13a1d818e8ca6899599. Moving all the names into dix/registry.c
2007-11-05Merge branch 'master' into XACE-SELINUXEamon Walsh1-4/+4
Conflicts: dix/dispatch.c dix/property.c hw/xfree86/common/xf86VidMode.c include/xkbsrv.h render/glyph.c xkb/xkbActions.c
2007-11-04Add CreatePixmap allocation hints.Aaron Plattner1-4/+4
These hints allow an acceleration architecture to optimize allocation of certain types of pixmaps, such as pixmaps that will serve as backing pixmaps for redirected windows.
2007-10-15registry: Register DBE extension protocol names.Eamon Walsh1-0/+21
2007-09-19xace: add hooks + new access codes: DOUBLE-BUFFER extensionEamon Walsh2-8/+20
2007-08-28devPrivates rework: since API is already broken, switch everythingEamon Walsh4-268/+44
over to new system. Need to update documentation and address some remaining vestiges of old system such as CursorRec structure, fb "offman" structure, and FontRec privates.
2007-08-14dix: remove caching of drawables and graphics contexts. The security checksEamon Walsh1-1/+1
simply bypass the cached values so they are unused.