andreacavalli
/
xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
xserver-multidpi/glx
History
Olivier Fourdan aad61e8e03 glx: Fix use after free in MakeCurrent 
The fix from commit c468d34c7 - "glx: Set ContextTag for all contexts"
is actually incomplete, it correctly sets the context tag for direct
contexts as well, but would fail to mark the context's currentClient.

As a result, when the context is destroyed, it would be freed
immediately rather than being just scheduled for deletion, even though
it is still current for some client. leading to a use-after-free.

Make sure to also set the context's currentClient for direct contexts as
well, not just indirect ones.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Fixes: c468d34c7 - "glx: Set ContextTag for all contexts"
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1186
Reviewed-by: Adam Jackson <ajax@redhat.com>
 		2021-06-21 08:39:38 +02:00
..
Makefile.am configure: Build hashtable for Xres and glvnd 2020-11-09 09:38:46 +00:00
clientinfo.c glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9] 2014-12-09 11:27:26 -08:00
createcontext.c GLX: fix context render type queries 2020-11-26 20:07:55 +00:00
extension_string.c glx: Implement GLX_EXT_get_drawable_type 2020-09-28 17:16:24 +00:00
extension_string.h glx: Implement GLX_EXT_get_drawable_type 2020-09-28 17:16:24 +00:00
glxbyteorder.h Rewrite the byte swapping macros. 2017-04-25 15:01:23 -07:00
glxcmds.c glx: Fix use after free in MakeCurrent 2021-06-21 08:39:38 +02:00
glxcmdsswap.c glx: Use vnd layer for dispatch (v4) 2018-02-14 17:04:44 -05:00
glxcontext.h GLX: fix context render type queries 2020-11-26 20:07:55 +00:00
glxdrawable.h Add Windows-DRI extension 2016-09-15 20:10:29 +01:00
glxdri2.c Revert "dri2: Don't make reference to noClientException" 2020-01-28 13:26:41 -05:00
glxdricommon.c glx: fixup symbol name for get_extensions function 2020-03-23 20:50:30 +00:00
glxdricommon.h glx: remove unused systemTimeExtension 2017-09-08 11:23:35 -07:00
glxdriswrast.c dix: Call SourceValidate before GetImage 2019-10-30 16:26:01 +00:00
glxext.c glx: Require depth > 12 for GLX visuals 2018-04-24 14:36:04 -04:00
glxext.h glx: Fix GLX_CONTEXT_RELEASE_BEHAVIOR_ARB handling 2019-05-01 14:38:09 +00:00
glxscreens.c glx: Do not call into Composite if it is disabled. 2018-04-10 14:37:47 -04:00
glxscreens.h glx: Use vnd layer for dispatch (v4) 2018-02-14 17:04:44 -05:00
glxserver.h glx: Enable GLX_ARB_create_context_no_error (v2) 2018-02-26 10:18:58 -05:00
glxutil.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
indirect_dispatch.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_dispatch.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_dispatch_swap.c glx: Remove unused bswap_CARD64 2020-11-30 16:22:26 +00:00
indirect_program.c glx: Remove True/False defines 2017-08-21 10:12:54 -04:00
indirect_reqsize.c glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8] 2014-12-08 18:09:50 -08:00
indirect_reqsize.h glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8] 2014-12-08 18:09:50 -08:00
indirect_size.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size_get.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size_get.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_table.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_table.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_texture_compression.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
indirect_util.c Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
indirect_util.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
meson.build meson: hide C API if Xorg is disabled (like autotools) 2021-03-11 00:22:36 +00:00
render2.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
render2swap.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
renderpix.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
renderpixswap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
rensize.c glx: Synchronize Xserver glx/rensize.c with mesa src/glx/compsize.c 2015-10-06 11:15:31 -04:00
single2.c glx: Remove some unused stuff from glxserver.h 2017-08-21 10:13:04 -04:00
single2swap.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
singlepix.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
singlepixswap.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
singlesize.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
singlesize.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
swap_interval.c glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8] 2014-12-08 18:09:50 -08:00
unpack.h glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
vnd_dispatch_stubs.c glx: Import glxvnd server module (v2) 2018-02-14 17:04:35 -05:00
vndcmds.c glx: Check for byte-swapping in SetReplyHeader 2021-05-30 13:49:37 -07:00
vndext.c GLX: Set GlxServerExports::{major,minor}Version 2019-05-21 10:50:42 -07:00
vndserver.h GLX: Add a function to change a clients vendor list. 2019-05-17 08:25:28 -07:00
vndservermapping.c GLX: Add a function to change a clients vendor list. 2019-05-17 08:25:28 -07:00
vndservervendor.c glx: Import glxvnd server module (v2) 2018-02-14 17:04:35 -05:00
vndservervendor.h glx: Import glxvnd server module (v2) 2018-02-14 17:04:35 -05:00
xfont.c glx: Use vnd layer for dispatch (v4) 2018-02-14 17:04:44 -05:00