Integer overflows can occur in the code validating the parameters for
the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient
and SProcRenderCreateConicalGradient functions, leading to memory
corruption by swapping bytes outside of the intended request
parameters.
An integer overflow may occur in the computation of the size of the
glyph to be allocated by the ProcRenderCreateCursor() function which
will cause less memory to be allocated than expected, leading later to
dereferencing un-mapped memory, causing a crash of the X server.
An integer overflow may occur in the computation of the size of the
glyph to be allocated by the AllocateGlyph() function which will cause
less memory to be allocated than expected, leading to later heap
overflow.
Conflicts:
Xext/xprint.c (removed in master)
config/hal.c
dix/main.c
hw/kdrive/ati/ati_cursor.c (removed in master)
hw/kdrive/i810/i810_cursor.c (removed in master)
hw/xprint/ddxInit.c (removed in master)
xkb/ddxLoad.c
These hints allow an acceleration architecture to optimize allocation of certain
types of pixmaps, such as pixmaps that will serve as backing pixmaps for
redirected windows.
over to new system.
Need to update documentation and address some remaining vestiges of
old system such as CursorRec structure, fb "offman" structure, and
FontRec privates.
The plural version is now static, which is fine since it was only ever called
from within picture post-init anyway. The body of the work is now done with
a one-shot (public) function that operates on a single format at a time.
The pixman headers have been located under pixman-1/ instead of pixman/ since
around 2007-08-06, and pixman-1.pc has the updated include paths to account
for this.
This reverts commit feb1b3e455.
This avoids some inefficiency in creating a temporary Picture
for every glyph at rendering time. My measurements with an i965
showed the previous patch causing a 10-15% slowdown for NoAccel
and XAA cases, (while providing an 18% speedup for EXA).
With this change, the NoAccel and XAA performance regression is
eliminated, and the overall EXA speedup, (before any of the
glyphs-as-pixmaps work), is now 32%.
Instead of system-memory data which prevents accelerated
compositing of glyphs, (at least without forcing an upload
of the glyph data before compositing).
Using a cryptographically strong hash means that comparing the
hash alone is sufficient for determining glyph equality (no need
to compare the glyph bits directly). This will allow us to replace
system-memory copies of the glyph bits, (which we've only been
holding onto for comparisons), with Pixmaps.
This is a cleanup without any real savings (yet). Previously, the
implementation would allocate a new glyph, then (often) find it in
the cache, and immediately discard the allocated object. This
re-organization first uses a new FindGlyphByHash function and only
allocates the glyph if nothing is found.
This isn't a real savings yet, since FindGlyphByHash currently still
does a temporary glyph allocation, but this is expected to be replaced
immediately as we switch to an alternate hashing mechanism (SHA1).
This is in preparation for a future change that will take advantage
of being able to compute a hash for a separate xGlyphInfo and chunk
of bits without a combined Glyph object.
* Port fix for bug 7685 from pixman. Patch by Carl Worth
* Add projective version of radial gradient code.
* Make sure that all Pict*Gradient types have PictGradient as prefix,
since code in various places relies on that.
bugfix: uninitialized pPointer in miPointerGetPosition ifndef MPX
adding DeviceIntPtr parameter to ScreenRec's cursor functions.
cleanup of miPointer code to use same scheme in each function
dix: MPHasCursor() function determines checking whether to invoke
cursor rendering.
animcur: adding DeviceIntPtr parameter to cursor functions but animcur relies
on the core pointer right now.
xfixes: adding DeviceIntPtr parameter to cursor functions but xfixes relies on
the core pointer right now.
rac: adding DeviceIntPtr parameter to cursor functions but RAC relies on
the core pointer right now.
ramdac: adding DeviceIntPtr parameter to cursor functions but ramdac relies on
the core pointer right now.
Get rid of almost all uses of these definitions. They're still defined for
delinquent out-of-tree drivers, and also for the Mesa build. As well as
for miinitext.c. But largely gone.
Now, we only check for filter commonality if we're operating on a source
picture, and we compare the id (screen-independent index of the filter name)
rather than the pointer to the filter (per-screen state).
Now, filters may only be set on source pictures when the filter is common to
all screens. Also, like SetPictureTransform, ChangePictureFilter is now not
called on source pictures.
A screen's ChangePictureTransform now isn't called when changing the transform,
as source pictures aren't associated with screens. Also, attempting to set
an AlphaMap to a source picture will fail with BadMatch just like a Window
would, preventing another crash.
Instead, stick the NULL return default case afterwards, so that the compiler can
warn us when we've got unimplemented cases. Removes some unimplemented and
unused 8bpp, depth 4 picture format names.
PICT_a8r8g8b8. Fixes a failure in the gradients test of rendercheck. In
the long term we could do better by setting the format to something
without alpha whenever the gradient doesn't contain colors with alpha.
This triggers a reduction of the over operation to a pure source
operation.