| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
It looks like offsets calculated during image censoring are wrong.
This results in black (empty) images returns.
This fix is very similar to 6c6f09aac7f1d1367a042087b7681c7fdf1d1e0f
that was applied to XGetImage
Visually this fixes chromium/firefox window sharing in multiscreen
configurations - without this patch most of the windows on 'secodnary'
screens are black.
This also should fix https://bugs.freedesktop.org/show_bug.cgi?id=101730.
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 885636b7d42b3c7b151fc386d358184db004ce45)
|
|
This addresses:
CVE-2017-12180 in XFree86-VidModeExtension
CVE-2017-12181 in XFree86-DGA
CVE-2017-12182 in XFree86-DRI
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 1b1d4c04695dced2463404174b50b3581dbd857b)
|
|
v2: Add overflow check and remove unnecessary check (Julien Cristau)
This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit cad5a1050b7184d828aef9c1dd151c3ab649d37e)
|
|
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit b95f25af141d33a65f6f821ea9c003f66a01e1f1)
|
|
This code is using GetImage to accumulate a logical view of the window
image (since the windows will be clipped to their containing screen),
and then PutImage to load that back into the pixmap. What it wasn't
doing was constructing a region for the obscured areas of the window and
emitting graphics exposures for same.
v2: Fix coordinate translation when the source is the root window
v3: Create sourceBox with the right coordinates initially instead of
translating (Keith Packard)
v4: Clamp the region to 15 bits to avoid overflow (Keith Packard)
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit e337de2d488a124e5fee0fdcb882567b68f1767d)
|
|
GetImage is allowed to return window border contents, so don't remove
that from the returned image.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Based on: https://patchwork.freedesktop.org/patch/85636/
Rewritten to just not walk the pointer.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Emi Velikov <emil.l.velikov@gmail.com>
|
|
Based on: https://patchwork.freedesktop.org/patch/85636/
Rewritten to also free the resources allocated by
panoramix_setup_ids().
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Emi Velikov <emil.l.velikov@gmail.com>
|
|
flags = fcntl(fd, F_GETFD) is compliant.
fcntl(fd, F_GETFD, &flags) is non-compliant (Linux extension?)
cf: http://pubs.opengroup.org/onlinepubs/9699919799/functions/fcntl.html
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
|
|
Hasn't been necessary since:
commit 92ed75ac59e2d3af149cddb962efd05fc8487750
Author: Jamey Sharp <jamey@minilop.net>
Date: Mon May 10 20:22:05 2010 -0700
Eliminate boilerplate around client->noClientException.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
|
|
We already generate errors from the top level when non-Success is
returned from a dispatch function, so really we were emitting errors
twice.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
|
The caller passes arguments into XaceCensorImage that are in
window-relative coordinates. However, the pBuf that it uses to construct
a temporary pixmap has its origin at (x, y) relative to the window in
question. The code to convert the censor region into boxes adjusts for
the Y coordinate, but leaves the X coordinate alone. The result is that
if x is not zero, it censors the wrong part of the image.
Fix this by just translating censorRegion into pixmap-relative
coordinates and using the resulting boxes as-is.
Reported-by: Fabien Lelaquais <Fabien.Lelaquais@roguewave.com>
Link: https://lists.x.org/archives/xorg/2016-August/058165.html
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
|
|
This removes the last uses of fd_set from the server interfaces
outside of the OS layer itself.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
|
This new libXfont API eliminates exposing internal X server symbols to
the font library, replacing those with a struct full of the entire API
needed to use that library.
v2: Use libXfont2 instead of libXfont_2
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
|
We currently censor images from dix's GetImage, but not from
ShmGetImage. This is a method to bypass XACE, creating a potential
leak. We should censor in both methods.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
|
|
I suspect this code predates the common resource hooks for computing
sizes. It's ugly in any case since the Resource extension shouldn't
need to know which extensions can take a reference on pixmaps. Instead,
let's just walk every resource for the client and sum up all the pixmap
bytes that way.
This might be slightly slower since we're calling the size func once for
every resource. On the other hand, it might be slightly faster since we
only walk the resource table once instead of 3-5 times. Probably a
wash, and not really a performance path in any case.
Acked-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
There are no in-tree consumers of the audit hooks, and they are in any
case redundant with the dtrace dispatch hooks. Neither is there any
in-tree user of the core request dispatch hook. The extension hook is
only used for non-default security cases, but in the absence of LTO we
always have to take the function call into XaceHookDispatch to find out
that there's no callback registered.
Cc: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
As the man page for the latter states:
The effects of signal() in a multithreaded process are unspecified.
We already have an interface to call sigaction() instead, use it.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Private storage is pre-zeroed by the private system itself.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
|
|
This was added in:
commit 312910b4e34215aaa50fc0c6092684d5878dc32f
Author: Chase Douglas <chase.douglas@canonical.com>
Date: Wed Apr 18 11:15:40 2012 -0700
Update currentTime in dispatch loop
Unfortunately this is equivalent to calling GetTimeInMillis() once per
request. In the absolute best case (as on Linux) you're only hitting the
vDSO; on other platforms that's a syscall. Either way it puts a pretty
hard ceiling on request throughput.
Instead, push the call down to the requests that need it; basically,
grab processing and event generation.
Cc: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
-Wlogical-op now tells us:
devices.c:1685:23: warning: logical ‘and’ of equal expressions
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Commit 6045506be0cebca4ebbe943ae77f020aafa703d4 changed back
the behavior to only allow the trusted extensions to the untrusted clients,
but left the 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763
comment intended for Security*Un*trustedExtensions saying that
"untrusted clients shouldn't have access to these".
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Ángel González <ingenit@zoho.com>
|
|
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
In commit f175cf45aebcdda53f3ae49c0eaf27da1f194e92
Author: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed Feb 10 09:34:34 2016 +0100
vidmode: move to a separate library of its own
the verbosity of some old debug messages (which print the reply to every
GetModeLine client request and others) was increased leading to lots of
log spam. Downgrade the logging back to DebugF.
[ajax: Fix a typo so it compiles.]
Reviewed-by: Adam Jackson <ajax@redhat.com>
References: https://bugs.freedesktop.org/show_bug.cgi?id=94515
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Olivier Fourdan <ofourdan@redhat.com>
|
|
Reviewed-by: Rémi Cardona <remi@gentoo.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
XvdiDestroyVideoNotifyList already frees the list if AddResource fails,
so don't do it twice. And set tpn->client to NULL explicitly to avoid
confusing uninitialized memory with a valid value.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
git commit f175cf45:
vidmode: move to a separate library of its own
introduced a regression where the xserver would not build when
xf86vidmodeproto is not installed even if the configure option
"--disable-xf86vidmode" is specified.
Fix build failure when xf86vidmodeproto is not installed.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
|
XVidMode extension might be useful to non hardware servers as well (e.g.
Xwayand) so that applications that rely on it (e.g. lot of older games)
can at least have read access to XVidMode.
But the implementation is very XFree86 centric, so the idea is to add
a bunch of vfunc that other non-XFree86 servers can hook up into to
provide a similar functionality.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=87806
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
|
It probably doesn't work very well since there's other extension setup
we're not doing on this path, and in any event it's not a thing that
happens currently.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Replace block/wakeup handlers with SetNotifyFd. Much nicer now.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Regression from 990cf5b2828f73dc7a07f1e38f608af39acfd81d
Signed-off-by: Julien Cristau <jcristau@debian.org>
Cc: Andrew Eikum <aeikum@codeweavers.com>
Cc: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
|
|
Pixmaps are reference counted and DestroyPixmap is called for the
removal of every reference. However, we only want to stop the adaptors
writing into the Pixmap just before the Pixmap is finally destroyed,
similar to how Windows are handled.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
|
|
XID may be either 'unsigned long' or 'unsigned int' depending on:
typedef unsigned long CARD64;
typedef unsigned int CARD32;
typedef unsigned long long CARD64;
typedef unsigned long CARD32;
typedef unsigned long XID;
typedef CARD32 XID;
so when building with -Wformat, we get some warnings that are benign. This silences them.
security.c:215:52: warning: format specifies type 'int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
SecurityAudit("revoked authorization ID %d\n", pAuth->id);
~~ ^~~~~~~~~
%lu
CC dpmsstubs.lo
security.c:553:25: warning: format specifies type 'int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
client->index, pAuth->id, pAuth->trustLevel, pAuth->timeout,
^~~~~~~~~
security.c:553:55: warning: format specifies type 'int' but the argument has type 'CARD32' (aka 'unsigned long')
[-Wformat,Format String Issue]
client->index, pAuth->id, pAuth->trustLevel, pAuth->timeout,
^~~~~~~~~~~~~~
security.c:554:10: warning: format specifies type 'int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
pAuth->group, eventMask);
^~~~~~~~~~~~
security.c:554:24: warning: format specifies type 'int' but the argument has type 'Mask' (aka 'unsigned long')
[-Wformat,Format String Issue]
pAuth->group, eventMask);
^~~~~~~~~
security.c:781:19: warning: format specifies type 'unsigned int' but the argument has type 'Mask' (aka 'unsigned
long')
[-Wformat,Format String Issue]
requested, rec->id, cid,
^~~~~~~~~
security.c:781:30: warning: format specifies type 'unsigned int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
requested, rec->id, cid,
^~~~~~~
security.c:863:23: warning: format specifies type 'unsigned int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
rec->pWin->drawable.id, wClient(rec->pWin)->index,
^~~~~~~~~~~~~~~~~~~~~~
security.c:893:31: warning: format specifies type 'unsigned int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
rec->pWin->drawable.id,
^~~~~~~~~~~~~~~~~~~~~~
security.c:915:39: warning: format specifies type 'unsigned int' but the argument has type 'XID' (aka 'unsigned long')
[-Wformat,Format String Issue]
rec->client->index, rec->pWin->drawable.id,
^~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
xres.c:422:1: warning: unused function 'ResFindCompositeClientWindowPixmaps' [-Wunused-function,Unused Entity Issue]
ResFindCompositeClientWindowPixmaps (void *value, XID id, void *cdata)
^
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
These extensions were accessing internal OS functions and
structures. Expose the necessary functionality to them and remove
their use of osdep.h
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
There's a 'const char *' adventure here that I'm mostly ignoring; some
client information gets const poisoned. Worked around by adding a
couple of casts. Ick.
Added an _X_ATTRIBUTE_PRINTF to SELinuxLog.
Ignore a couple of unused return values.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Acked-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
This is necessary to avoid a NULL pointer deference when the pixmap is
used later.
[ajax: massaged commit message, fixed it to compile]
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=89748
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Brent Collins <bcollins@trustedcs.com>
|
|
We pass the pPixmap->drawable.id to the ShmDetachSegment function after
the pPixmap is freed. Fortunately, we don't use the value inside
ShmDetachSegment and can simply pass zero instead.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Michel Dänzer <michel@daenzer.net>
|
|
v2: remove now useless parentheses
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
|
|
It's going to multiply anyway, so if we have non-constant values, might
as well let it do the multiplication instead of adding another multiply,
and good versions of calloc will check for & avoid overflow in the process.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
|
|
Nothing was using it and if anyone had they would've gotten a warning and
noticed that it doesn't actually work. Drop this, it has been unused for years.
Input ABI 22
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
sed -i "s/[ ]\+$//g" **/*.(c|h)
happy reviewing...
git diff -w is an empty diff.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
shm.c:1150:24: warning: equality comparison with extraneous parentheses
[-Wparentheses-equality]
if ((shmdesc->addr == ((char *) -1))) {
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
