dixLookupResource attempted to automatically detect whether the caller
wanted a lookup by-type or by-class, unfortunately, it guessed wrong for
RT_NONE. Instead of trying to make the guess better, this patch just reverts
the unification and creates separate functions for each operation.
(cherry picked from commit f8dd80d13b)
Signed-off-by: Keith Packard <keithp@keithp.com>
Proto headers updating resulting in the server advertising new versions is
broken. This should be applied to every extension.
This fixes the build against slightly-older xineramaproto.
(cherry picked from commit b349a764e9)
Signed-off-by: Keith Packard <keithp@keithp.com>
Error: Write outside array bounds at Xext/geext.c:406
in function 'GEWindowSetMask' [Symbolic analysis]
In array dereference of cli->nextSib[extension] with index 'extension'
Array size is 128 elements (of 4 bytes each), index <= 128
Error: Buffer overflow at dix/events.c:592
in function 'SetMaskForEvent' [Symbolic analysis]
In array dereference of filters[deviceid] with index 'deviceid'
Array size is 20 elements (of 512 bytes each), index >= 0 and index <= 20
Error: Read buffer overflow at hw/xfree86/loader/loader.c:226
in function 'LoaderOpen' [Symbolic analysis]
In array dereference of refCount[new_handle] with index 'new_handle'
Array size is 256 elements (of 4 bytes each), index >= 1 and index <= 256
These bugs were found using the Parfait source code analysis tool.
For more information see http://research.sun.com/projects/parfait
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit b680bda34d)
(cherry picked from commit 04c9e80f08)
Signed-off-by: Keith Packard <keithp@keithp.com>
Instead, clients should keep track of the selection instances they use.
(cherry picked from commit 0952d12717)
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
This allows untrusted clients to destroy their own windows when they
have been reparented by a trusted window manager.
(cherry picked from commit 4559d2ace6)
Previously, three extensions were defined as "trusted" by the extension:
BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted
to be used by untrusted clients.
In commit 8b5d21cc1d this was changed for
some reason. Return to the old, compatible behavior.
(cherry picked from commit 6045506be0)
The POINTER_SCREEN flag must be set explicitly for XTest core events to avoid
out-of-range events when the lastSlave was an SD with an explicit axis range.
Device events sent through XTest don't need this flag, they are expected to be
in the valuator range of the device anyway.
Red Hat Bug 490984 <https://bugzilla.redhat.com/show_bug.cgi?id=490984>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 603db34337)
Requires libselinux 2.0.79 or newer. Without this, libselinux will
check for policy updates on the netlink socket on basically every policy
lookup. Statistically speaking, they never happen, and the check
translates to at least one more syscall on basically every operation.
Instead, take control of the fd from the library, and check it in
WakeupHandler if it polls readable.
(cherry picked from commit 3992dd38ca)
X server should never see, translate, or deal with a munged context.
Display managers which show contexts to the user should take care of
translating these to human readable form.
(cherry picked from commit c7cf926d25)
The X Server build only needs the macros PANORAMIX_MAJOR_VERSION
and PANORAMIX_MINOR_VERSION from that header.
Addition of extra prototypes to <X11/extensions/panoramiXext.h>
caused a X Server build failure.
Make GEClientGone static and include registry.h, to fix the following
warnings:
geext.c:225: warning: no previous prototype for 'GEClientGone'
geext.c: In function 'GEExtensionInit':
geext.c:280: warning: implicit declaration of function 'RegisterResourceName'
geext.c:280: warning: nested extern declaration of 'RegisterResourceName'
The XEvIE extension doesn't clear the rep.length field for any reply but
the version check. Hence, if there is junk data in it and that is sent
to the client, it hangs.
X.Org bug#17394 (http://bugs.freedesktop.org/show_bug.cgi?id=17394)
There's no reason to not just dispatch this straight into the GC. As a
bonus, if you do so, damage wraps correctly, and thus swcursor works.
The side effect is it's no longer possible to override ShmPutImage with
ShmRegisterFuncs().
Also remove the (broken) damage tracking for same from EXA, since it didn't
work right, and is now superfluous.
This fixes a severe issue - when the client died the event mask didn't get
unregistered and a future event would dereference dangling pointers. By
storing the event masks in the resource system we can free them when the
client dies.