A request, like input device grabs, may check a request timestamp
against currentTime. It is possible for currentTime to lag a previously
sent event timestamp. If the client makes a request based on such an
event timestamp, the request may fail the validity check against
currentTime unless we always update the time before processing the
request.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
See UpdateCurrentTime() for reference. I don't know what bug this might
trigger, but it wouldn't hurt to fix this.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
If the typedef wasn't perfect, indent would get confused and change:
foo = (SomePointlessTypedef *) &stuff[1];
to:
foo = (SomePointlessTypedef *) & stuff[1];
Fix this up with a really naïve sed script, plus some hand-editing to
change some false positives in XKB back.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
This is strictly the application of the script 'x-indent-all.sh'
from util/modular. Compared to the patch that Daniel posted in
January, I've added a few indent flags:
-bap
-psl
-T PrivatePtr
-T pmWait
-T _XFUNCPROTOBEGIN
-T _XFUNCPROTOEND
-T _X_EXPORT
The typedefs were needed to make the output of sdksyms.sh match the
previous output, otherwise, the code is formatted badly enough that
sdksyms.sh generates incorrect output.
The generated code was compared with the previous version and found to
be essentially identical -- "assert" line numbers and BUILD_TIME were
the only differences found.
The comparison was done with this script:
dir1=$1
dir2=$2
for dir in $dir1 $dir2; do
(cd $dir && find . -name '*.o' | while read file; do
dir=`dirname $file`
base=`basename $file .o`
dump=$dir/$base.dump
objdump -d $file > $dump
done)
done
find $dir1 -name '*.dump' | while read dump; do
otherdump=`echo $dump | sed "s;$dir1;$dir2;"`
diff -u $dump $otherdump
done
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Daniel Stone <daniel@fooishbar.org>
Acked-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Forwarding proxies like sshd will appear to be local, even though they
aren't really. This leads to weird behaviour for extensions that truly
require running under the same OS services as the client, like MIT-SHM
and DRI2.
Add two new legal values for the initial connection's byteOrder field,
'r' and 'R'. These act like 'l' and 'B' respectively, but have the side
effect of forcing the client to be treated as non-local. Forwarding
proxies should attempt to munge the first packet of the connection
accordingly; older servers will reject connections thusly munged, so the
proxy should fall back to passthrough if the munged connection attempt
fails.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Almost all of the places the string is assigned point to a literal
string constant, so use const char * for those, and const char **
for function calls that return it via an argument. Fortunately
the top level function, ClientAuthorized, which returns the string
as its return value is called from only one place, ProcEstablishConnection.
ProcEstablishConnection stores either that return value or a string literal
in char *reason. It only uses reason as an argument to SendConnSetup.
SendConnSetup passes the reason argument to strlen & WriteToClient,
both of which already have const qualifiers on their args.
Thus added const to the reason variable in ProcEstablishConnection
and the reason argument to SendConnSetup.
Fixes gcc warnings:
dispatch.c: In function 'ProcEstablishConnection':
dispatch.c:3711:9: warning: assignment discards qualifiers from pointer target type
auth.c: In function 'CheckAuthorization':
auth.c:218:14: warning: assignment discards qualifiers from pointer target type
auth.c:220:20: warning: assignment discards qualifiers from pointer target type
connection.c: In function 'ClientAuthorized':
connection.c:683:3: warning: return discards qualifiers from pointer target type
mitauth.c: In function 'MitCheckCookie':
mitauth.c:88:13: warning: assignment discards qualifiers from pointer target type
xdmauth.c:259:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:270:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:277:11: warning: assignment discards qualifiers from pointer target type
xdmauth.c:293:15: warning: assignment discards qualifiers from pointer target type
xdmauth.c:313:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:322:11: warning: assignment discards qualifiers from pointer target type
rpcauth.c: In function 'SecureRPCCheck':
rpcauth.c:136:10: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The record extension needs the major and minor opcodes in the reply
hook, but the request buffer may have been freed by the time the hook
is invoked. Saving the request major and minor codes as the request is
executed avoids fetching from the defunct request buffer.
This patch also eliminates the public MinorOpcodeOfRequest function,
inlining it into Dispatch. Usages of that function have been replaced
with direct access to the new ClientRec field.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Commit 587c3a2d19 fixed DoGetImage to
check windows against their backing drawables, rather than against the
screen dimensions, to prevent reading outside the bounds of redirected
windows' backing pixmaps (see bug #22804). Unfortunately, while
making that change I also removed the check that the rectangle is
contained within the bounds of the source window, which is a violation
of the specification:
If the drawable is a window, the window must be viewable, and it
must be the case that, if there were no inferiors or overlapping
windows, the specified rectangle of the window would be fully
visible on the screen *and wholly contained within the outside
edges of the window* (or a Match error results). Note that the
borders of the window can be included and read with this request.
(emphasis mine)
Reinstate the window dimension check, to return BadMatch if the
GetImage request falls outside the bounds of the window.
Fixes X Test Suite test XGetImage-15:
400|0 15 1 11:05:41|IC Start
200|0 15 11:05:41|TP Start
520|0 15 00005146 1 1|VSW5TESTSUITE PURPOSE 15
520|0 15 00005146 1 2|Assertion XGetImage-15.(A)
520|0 15 00005146 1 3|When the drawable is a window and the window is viewable
520|0 15 00005146 1 4|and it is not the case that given there were no inferiors or
520|0 15 00005146 1 5|overlapping windows the specified rectangle of the window
520|0 15 00005146 1 6|would be fully visible on the screen and wholly contained
520|0 15 00005146 1 7|within the outside edges of the window, then a BadMatch
520|0 15 00005146 1 8|error occurs.
520|0 15 00005146 1 9|METH: Create window which is not fully visible on the screen.
520|0 15 00005146 1 10|METH: Call XMapWindow to make sure the window is viewable.
520|0 15 00005146 1 11|METH: Call XGetImage with rectangle extending beyond edge of screen.
520|0 15 00005146 1 12|METH: Verify XGetImage return value is null.
520|0 15 00005146 1 13|METH: Verify that BadMatch error occurred.
520|0 15 00005146 1 14|METH: Create window which is fully visible on the screen.
520|0 15 00005146 1 15|METH: Call XMapWindow to make sure the window is viewable.
520|0 15 00005146 1 16|METH: Call XGetImage with rectangle extending beyond edge of window.
520|0 15 00005146 1 17|METH: Verify XGetImage return value is null.
520|0 15 00005146 1 18|METH: Verify that BadMatch error occurred.
520|0 15 00005146 1 19|REPORT: Got Success, Expecting BadMatch
520|0 15 00005146 1 20|REPORT: Null image not returned.
220|0 15 1 11:05:41|FAIL
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
For Zaphod mode screen crossing handling we need to know the size of all
screens together (i.e. the whole desktop size). Store that in the screenInfo to
have it readily available in events.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Also, fix whitespace, mainly around
swaps(&rep.sequenceNumber)
Reviewed-by: Peter Harris <pharris@opentext.com>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Appears to be leftover from the Kerberos code deleted in 2007
(commit dfbe32b5b8).
Nothing left ever set clientState to ClientStateAuthenticating
Skipped over 1 to preserve existing enum numbering.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
If AddResource fails, it will automatically free the object that was
passed to it by calling the appropriate deleteFunc; and of course
FreeResource also calls the deleteFunc. In both cases it's wrong to call
the destroy hook manually.
Commit by Jamey Sharp and Josh Triplett.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
Use new per-screen privates API instead.
Commit by Jamey Sharp and Josh Triplett.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Appear to be leftovers from the XC-QUERY-SECURITY code deleted in 2007
(commit 375864cb74).
Nothing left ever set clientState to ClientStateCheckingSecurity.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
This seems a good convention to follow: if pointers are allocate outside a
given function, then free there as well when a failure occurs.
AllocARGBCursor and its callers were mixing up the freeing of resources and
causing a particular double free inside TileScreenSaver (srcbits and mskbits).
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
An interface is provided for figuring out the PID and process name of
a client. Make some existing functionality from SELinux and IA
extensions available for general use.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Drop DRAWABLE_BUFFER and related checks, mbuf was the only thing that
used them and it was killed in 0ba82562.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
This patch was generated by the following Perl code:
perl -i -pe 's/([^_])return\s*\(\s*([^(]+?)\s*\)s*;(\s+(\n))?/$1return $2;$4/g;'
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
This patch has been generated by the following Coccinelle semantic patch:
@@
expression E;
@@
-if(E) { free(E); }
+free(E);
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Fernando Carrijo <fcarrijo@yahoo.com.br>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Marcin Baczyński <marbacz@gmail.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
This patch only changes the API, not the implementation of the
devPrivates infrastructure. This will permit a new devPrivates
implementation to be layed into the server without requiring
simultaneous changes in every devPrivates user.
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Tiago Vignatti <tiago.vignatti@nokia.com>
This is a combination of a huge mechanical patch and a few small
fixups required to finish the job. They were reviewed separately, but
because the server does not build without both pieces, I've merged
them together at this time.
The mechanical changes were performed by running the included
'fix-region' script over the whole tree:
$ git ls-files | grep -v '^fix-' | xargs ./fix-region
And then, the white space errors in the resulting patch were fixed
using the provided fix-patch-whitespace script.
$ sh ./fix-patch-whitespace
Thanks to Jamey Sharp for the mighty fine sed-generating sed script.
The hand-done changes involve removing functions from dix/region.c
that duplicate inline functions in include/regionstr.h, along with
their declarations in regionstr.h, mi.h and mispans.h.
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
Many references to the WindowTable array already had the corresponding
screen pointer handy, which meant they usually looked like
"WindowTable[pScreen->myNum]". Adding a field to ScreenRec instead of
keeping this information in a parallel array simplifies those
expressions, and eliminates a MAXSCREENS-sized array.
Since dix uses this data, a screen private entry isn't appropriate.
xf86-video-dummy currently uses WindowTable, so it needs to be updated
to reflect this change.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Tested-by: Tiago Vignatti <tiago.vignatti@nokia.com> (i686 GNU/Linux)
This eliminates a poorly-named, poorly-documented field from the
ScreenRec, using a previously-unused flag bit in each GC instead.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Cc: Keith Packard <keithp@keithp.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Rather than always returning BadValue, associate an error status like
BadWindow with a resource type like RT_WINDOW, and return the
appropriate one for the requested type.
This patch only touches the core protocol resource types. Others still
return BadValue and need to be mapped appropriately.
dixLookupResourceByType can now return BadImplementation, if the caller
asked for a resource type that has not been allocated in the server.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
TryClientEvents already did this; this commit just moves the assignment
one level down so that no event source has to worry about sequence
numbers.
...No event source, that is, except XKB, which inexplicably calls
WriteToClient directly for several events.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Just let Dispatch() check for a noClientException, rather than making
every single dispatch procedure take care of it.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Previously the callers were only setting errorValue on Success, when
it's ignored, and leaving it alone on failure, when it's sent to the
client.
Since SetFontPath takes the ClientPtr, let it set client->errorValue
instead of letting the callers continue to get it wrong.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
The only remaining X-functions used in server are XNF*, the rest is converted to
plain alloc/calloc/realloc/free/strdup.
X* functions are still exported from server and x* macros are still defined in
header file, so both ABI and API are not affected by this change.
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The smart scheduler is designed to minimize scheduler overhead by
increasing the interval between WaitForSomething calls when a single
client is running. However, the software rotation code depends on
its BlockHandler being invoked for screen updates; the long delays
caused by the smart scheduler optimizations means that screen updates
can be delayed a long time as well.
The change is simple -- prevent the smart scheduler from increasing
the scheduling interval while any screen is using software rotation.
Signed-off-by: Keith Packard <keithp@keithp.com>
The XGetImage man page states:
If the drawable is a window, the window must be viewable, and it must be the
case that if there were no inferiors or overlapping windows, the specified
rectangle of the window would be fully visible on the screen and wholly
contained within the outside edges of the window, or a BadMatch error
results. Note that the borders of the window can be included and read with
this request.
However, the server was only checking the requested region against the screen
bounds, allowing XGetImage requests to read pixels outside the bounds of a
window's ancestors. Normally, this would just read other pixels from the
screen, but if one of the ancestor windows is redirected, the window's backing
pixmap may be smaller than the window itself.
This change checks the region against the window's bounding drawable, which is
either the screen pixmap, a redirected window's backing pixmap, or the root
window for servers that don't support GetWindowPixmap.
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
All other functions are pushed into where they seemed to fit.
main.c is now linked separately into libmain.a and linked in by the various
DDXs.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
