Mainly for %ld, smaller than int is propagated anyway, and %lld isn't really
used.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Format strings with length modifiers but missing format specifier like "%0"
will read one byte past the array size.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
If we're about to abort, we're already in the signal handler and cannot call
down to the default device cleanup routines (which reset, free, alloc, and
do a bunch of other things).
Add a new DEVICE_ABORT mode to signal a driver's DeviceProc that it must
reset the hardware if needed but do nothing else. An actual HW reset is only
required for some drivers dealing with the HW directly.
This is largely backwards-compatible, hence the input ABI minor bump only.
Drivers we care about either return BadValue on a mode that's not
DEVICE_{INIT|ON|OFF|CLOSE} or print an error and return BadValue. Exception
here is vmmouse, which currently ignores it and would not reset anything.
This should be fixed if the reset is required.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Truncating the fraction part leads to a test failure where -1203.30 is
printed as -1203.29. Round this to the nearest value instead by adding
0.5 before converting to an integer
Signed-off-by: Keith Packard <keithp@keithp.com>
This is the lazy man's %f support. Print the decimal part of the number,
then append a decimal point, then print the first two digits of the
fractional part. So %f in sigsafe printing is really %.2f.
No boundary checks in place here.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Until we have support for them, ignore any length modifiers so we don't need
to update all callers.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
The formatter confused address operators preceded by casts with
bitwise-and expressions, placing spaces on either side of both.
That syntax isn't used by ordinary address operators, however,
so fix them for consistency.
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
setitimer() and SIGALRM aren't available on WIN32, so smart scheduler
code cannot be built. Provide only stubs for smart scheduler timer
code, and disable smart scheduler by default.
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Fix compilation of OsBlockSIGIO with -Werror=return-type when SIGIO isn't
defined.
/jhbuild/checkout/xorg/xserver/os/utils.c: In function 'OsBlockSIGIO':
/jhbuild/checkout/xorg/xserver/os/utils.c:1248:1: error: control reaches end of non-void function [-Wreturn-type]
v2: Shuffle around to avoid writing unreachable code
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
MinGW doesn't have sigaction, so this patch is needed for building.
No attempt is made to actually install the fatal error signal handler, as MinGW
will simply terminate the process rather than deliver a fatal signal.
Also avoid using strsignal
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
libnettle is smaller than libgcrypt, currently being released more
frequently, and has replaced the latter in gnutls-3.x (which is used
by TigerVNC, so they can avoid pulling in two crypto libraries
simultaneously).
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
MinGW and MSVC lack the POSIX functions to compile the lock file code.
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
They're declared in osdep.h, so don't redeclare them in io.c as
well. Keeps the compiler happier.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
In commit:
commit 092c57ab17
Author: Adam Jackson <ajax@redhat.com>
Date: Fri Jun 17 14:03:01 2011 -0400
os: Hide the Connection{In,Out}put implementation details
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
the check for an empty output buffer was moved from one calling
location into the FlushClient implementation itself. However, this
neglected the possibility that additional data, in the form of
'extraBuf' would be passed to FlushClient from other code paths. If the
output buffer happened to be empty at that time, the extra data would
never be written to the client.
This is fixed by checking the total data to be written, which includes
both pending and extra data, instead of just the pending data.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Forwarding proxies like sshd will appear to be local, even though they
aren't really. This leads to weird behaviour for extensions that truly
require running under the same OS services as the client, like MIT-SHM
and DRI2.
Add two new legal values for the initial connection's byteOrder field,
'r' and 'R'. These act like 'l' and 'B' respectively, but have the side
effect of forcing the client to be treated as non-local. Forwarding
proxies should attempt to munge the first packet of the connection
accordingly; older servers will reject connections thusly munged, so the
proxy should fall back to passthrough if the munged connection attempt
fails.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Introduced in 164b38c72f
Reported-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Throw an error into the log file, but continue anyway. And after three
warnings, stop complaining. Not all input drivers will be fixed in time (or
ever) and our printf implementation is vastly inferior, so there is still a
use-case for non-sigsafe logging.
This also adds more linebreaks to the message.
CC: Chase Douglas <chase.douglas@canonical.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
The mouse driver uses %i in some debug messages
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Calling OsReleaseSignal() inside the signal handler releases SIGIO, causing
the signal handler to be called again from within the handler.
Practical use-case: when synaptics calls TimerSet in the signal handler,
this causes the signals to be released, eventually hanging the server.
Regression introduced in 08962951de.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Fix Win32TempDir() in the case where we fell back to checking the TMP
environment variable. It looks like this has been wrong since forever.
Signed-off-by: Colin Harrison <colin.harrison@virgin.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Popen and Pclose are never used on Windows, so don't bother to even
try to define them.
System(s) was defined as system(s), but the two users of that
function are in xkb, which carefully redefines that as
Win32System. Move Win32System and Win32TempDir to os/utils.c, renaming
Win32System to be just System, which simplifies the xkb code
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
No-one ever did anything with this variable except assign its default
value to it.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
If failing to disable a protocol specified by -nolisten failed, we'd
throw a FatalError and bomb startup entirely. From poking at xtrans, it
looks like the only way we can get a failure here is because we've
specified a protocol name which doesn't exist, which probably doesn't
constitute a security risk.
And it makes it possible to start gdm even though you've built with
--disable-tcp-transport.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Adds new function padding_for_int32() and uses existing pad_to_int32()
depending on required results.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Clear them out when needed instead of leaving whatever values were
present in previously sent messages.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Each DDX currently calls OsReleaseSIGIO in case it was suspended when
the server regen started. This causes a BUG to occur if SIGIO was
*not* blocked at that time. Instead of relying on each DDX, make the
OS layer reliably reset all signal state at server init time, ensuring
that signals are suitably unblocked and that the various signal state
counting variables are set back to zero.
Signed-off-by: Keith Packard <keithp@keithp.com>
Let the dix be in charge of changing the sigprocmask so we only have one
entity that changes it.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
This merge includes a minor fixup for '%p' arguments; must cast to
uintptr_t instead of uint64_t as we use -Werror=pointer-to-int-cast
which complains when doing a cast (even explicitly) from a pointer
to an integer of different size.
While we probably don't need to be signal safe here since we will never
return to the normal context, the logging signal context check will
cause unsafe logging to be unhandled. Using signal safe logging here
resolves the issue.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Also, print out the offending message format. This will hopefully help
developers track down unsafe logging.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Backtraces are often printed in signal context, such as when a segfault
occurs.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
os: print offset as unsigned int, not long unsigned int
pnprintf() takes unsigned int for %u
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
ErrorF() is not signal safe. Use ErrorSigSafe() whenever an error
message may be logged in signal context.
[whot: edited to "ErrorFSigSafe"]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
[whot: edited to use varargs, squashed commit below]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
os: fix vararg length calculation
Make %u and %x sizeof(unsigned int), %p sizeof(void*). This is printf
behaviour and we can't guarantee that void* is uint64_t anyway.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Much easier for scripts that try to read the display value off the file
descriptor. Plus, this restores the behaviour we had for this patch in
Fedora since server 1.6 (April 2009).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
None of the FILE based functions are signal safe, including fileno(), so
we need to save the file descriptor for when we are in signal context.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This will be used for checking for proper logging when in signal
context.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Both Cygwin and MinGW can use Windows' native CryptoAPI for SHA1,
saving a dependency on libgcrypt or OpenSSL. The necessary functions
are in ADVAPI32.DLL, which is among the default lib flags and is
already used in hw/xwin for accessing the registry.
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
Tested-by: Colin Harrison <colin.harrison@virgin.net>
It is not safe to ever use an arbitrary (possibly user supplied) string as
part of the format for a *sprintf() call.
For example:
1. Name a Bluetooth keyboard "%n%n%n%n%n%n%n%n"
2. Pair it with a computer running X and try to use it
3. X is not happy when trying to do the following in xf86-input-evdev:
xf86IDrvMsg(pInfo, X_CONFIG, "Device: \"%s\"\n", device);
because LogVHdrMessageVerb() has put the %n from the device name
into a format string of the form:
"evdev: %n%n%n%n%n%n%n%n: Device: \"%s\"\n"
Instead, build up a log message in place by appending successive formatted
strings by sncprintf'ing to the end of the previous.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The current code will write a timestamps into the logFile whenever
the last message ended with a '\n' - even if the verb for that timestamp
is at too high a level. This timestamp will sit there with no matching
message until the next call to LogVWrite with a valid verb.
In other words, in some cases, timestamps in the X.org.log are for some
completely unrelated message that was previously ignored due to
insufficient verbosity, and not for the message that appears next to it
in the log file.
We keep the current policy which appears to be to only apply timestamps if
a message is actually written to a log file. That is, no timestamps on
stderr, or in the mem buffer. Therefore, the timestamp stringification
is moved to the conditional where it is used.
Since logging uses a fixed length buffer, this patch also forces a '\n'
whenever a buffer is terminated due to a too-long write request. This
allows the newline detection to work even on overflow, and also cleans up
the log a bit in the overflow case.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Normal snprintf() usually returns the number of bytes that would have been
written into a buffer had the buffer been long enough.
The scnprintf() variants return the actual number of bytes written,
excluding the trailing '\0'.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* space->tab
* remove comment that doesn't make any sense
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If TimerSet() is called from a signal handler (synaptics tap handling code)
may result in list corruption if we're currently inside TimerSet().
See backtrace in
https://bugzilla.redhat.com/show_bug.cgi?id=814869
Block signals for all list manipulations in the timers.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
This option specifies a file descriptor in the launching process. X
will scan for an available display number and write that number back to
the launching process, at the same time as SIGUSR1 generation. This
means display managers don't need to guess at available display numbers.
As a consequence, if X fails to start when using -displayfd, it's not
because the display was in use, so there's no point in retrying the X
launch on a higher display number.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Tested-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Preparation work for per-device idle counters.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: James Jones <jajones@nvidia.com>
This is strictly the application of the script 'x-indent-all.sh'
from util/modular. Compared to the patch that Daniel posted in
January, I've added a few indent flags:
-bap
-psl
-T PrivatePtr
-T pmWait
-T _XFUNCPROTOBEGIN
-T _XFUNCPROTOEND
-T _X_EXPORT
The typedefs were needed to make the output of sdksyms.sh match the
previous output, otherwise, the code is formatted badly enough that
sdksyms.sh generates incorrect output.
The generated code was compared with the previous version and found to
be essentially identical -- "assert" line numbers and BUILD_TIME were
the only differences found.
The comparison was done with this script:
dir1=$1
dir2=$2
for dir in $dir1 $dir2; do
(cd $dir && find . -name '*.o' | while read file; do
dir=`dirname $file`
base=`basename $file .o`
dump=$dir/$base.dump
objdump -d $file > $dump
done)
done
find $dir1 -name '*.dump' | while read dump; do
otherdump=`echo $dump | sed "s;$dir1;$dir2;"`
diff -u $dump $otherdump
done
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Daniel Stone <daniel@fooishbar.org>
Acked-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Changes to output:
* "Backtrace:" now appears on a separate line _with_ a timestamp
* A blank line is inserted after the last backtrace line
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Uses kvm_getargv() from libkvm.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Move some constants near their only users, and remove some
getdtablesize() logic that's second-guessing configure.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Forwarding proxies like sshd will appear to be local, even though they
aren't really. This leads to weird behaviour for extensions that truly
require running under the same OS services as the client, like MIT-SHM
and DRI2.
Add two new legal values for the initial connection's byteOrder field,
'r' and 'R'. These act like 'l' and 'B' respectively, but have the side
effect of forcing the client to be treated as non-local. Forwarding
proxies should attempt to munge the first packet of the connection
accordingly; older servers will reject connections thusly munged, so the
proxy should fall back to passthrough if the munged connection attempt
fails.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
If dladdr returns 0, don't go and use the returned Dl_info, it may
contain garbage.
X.Org bug#44315 <https://bugs.freedesktop.org/show_bug.cgi?id=44315>
Reported-and-tested-by: Cyril Brulebois <kibi@debian.org>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Cyril Brulebois <kibi@debian.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Uses /proc/pid/psinfo to read command & partial arguments.
Moves cmdsize & argsize variables into non-Solaris #else clause
to avoid unused variable warnings.
Fixes format mismatch errors when building with DEBUG defined on
a 64-bit platform (where Mask is defined as CARD32).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Keith Packard <keithp@keithp.com>
xdmcp.c:63:36: warning: initialization discards qualifiers from pointer target type
xdmcp.c: In function 'XdmcpRegisterConnection':
xdmcp.c:482:8: warning: cast discards qualifiers from pointer target type
xdmcp.c:482:8: warning: cast discards qualifiers from pointer target type
xdmcp.c:482:8: warning: cast discards qualifiers from pointer target type
xdmcp.c: In function 'get_mcast_options':
xdmcp.c:1596:21: warning: initialization discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
And instead of initializing to NULL, then resetting to LOCKDIR almost
immediately (before ever using the NULL value), skip directly to setting
it to LOCKDIR.
tmppath variable is only used as input for generating the path name
via calls to strlen, sprintf, etc.
Fixes gcc warning of:
utils.c: In function 'LockServer':
utils.c:259:11: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Fixes gcc warning:
io.c: In function 'WriteToClient':
io.c:826:6: warning: cast discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
It's only passed as the input side of a strcpy and as the filename to
fopen, so doesn't need to be non-const. Fixes gcc warning:
osinit.c: In function 'OsInit':
osinit.c:154:28: warning: initialization discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Almost all of the places the string is assigned point to a literal
string constant, so use const char * for those, and const char **
for function calls that return it via an argument. Fortunately
the top level function, ClientAuthorized, which returns the string
as its return value is called from only one place, ProcEstablishConnection.
ProcEstablishConnection stores either that return value or a string literal
in char *reason. It only uses reason as an argument to SendConnSetup.
SendConnSetup passes the reason argument to strlen & WriteToClient,
both of which already have const qualifiers on their args.
Thus added const to the reason variable in ProcEstablishConnection
and the reason argument to SendConnSetup.
Fixes gcc warnings:
dispatch.c: In function 'ProcEstablishConnection':
dispatch.c:3711:9: warning: assignment discards qualifiers from pointer target type
auth.c: In function 'CheckAuthorization':
auth.c:218:14: warning: assignment discards qualifiers from pointer target type
auth.c:220:20: warning: assignment discards qualifiers from pointer target type
connection.c: In function 'ClientAuthorized':
connection.c:683:3: warning: return discards qualifiers from pointer target type
mitauth.c: In function 'MitCheckCookie':
mitauth.c:88:13: warning: assignment discards qualifiers from pointer target type
xdmauth.c:259:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:270:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:277:11: warning: assignment discards qualifiers from pointer target type
xdmauth.c:293:15: warning: assignment discards qualifiers from pointer target type
xdmauth.c:313:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:322:11: warning: assignment discards qualifiers from pointer target type
rpcauth.c: In function 'SecureRPCCheck':
rpcauth.c:136:10: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
gcc was warning from storing string constants in a char *name field:
auth.c:64:1: warning: initialization discards qualifiers from pointer target type
auth.c:72:1: warning: initialization discards qualifiers from pointer target type
auth.c:81:1: warning: initialization discards qualifiers from pointer target type
Making the field const requires changing AuthorizationFromID to take
a const char ** pointer for the name argument which it sets to point
to the matching name entry.
Changing that argument requires changing its sole caller in the security
extension to pass the address of a const char * variable to it, which it
can do, since the only thing it does with the returned name is to pass
it back to the RemoveAuthorization function that already expects a const
char *name.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
No need to cast to char * now that all supported platforms use C89-standard
void * argument types, so just drop the casts from acmp & acopy macros,
which clears the gcc warnings for places const pointers were cast non-const:
access.c: In function 'DefineSelf':
access.c:786:3: warning: cast discards qualifiers from pointer target type
access.c:795:6: warning: cast discards qualifiers from pointer target type
access.c: In function 'NewHost':
access.c:1293:9: warning: cast discards qualifiers from pointer target type
access.c:1298:6: warning: cast discards qualifiers from pointer target type
access.c:1309:5: warning: cast discards qualifiers from pointer target type
Without the casts, acmp & acopy are just a funny way to write memcmp
& memmove, so drop the macros and inline the calls, taking care to
swap the first two arguments to memmove since it had swapped them.
Since all the calls to memmove end up being to non-overlapping memory
(mostly copying from an existing pointer to a newly allocated one),
replace those with memcpy.
And finally, don't actually call memcpy to copy 0 bytes from one place
to another, since that's just a waste of a perfectly good function call.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Replace multiple methods of checking for functions with AC_CHECK_FUNCS
Replace multiple methods of selecting fallback funcs with AC_REPLACE_FUNCS
Replace HAS_* and NEED_* #defines with autogenerated HAVE_*
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
Silencing more gcc -Wwrite-strings warnings
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
This batch is the straightforward set - others are more complex and
need more analysis to determine right size to pass.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
"log.c", line 382: warning: assignment type mismatch:
pointer to char "=" pointer to const char
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
The extra "out" pointer to redirect writes to the array isn't needed since
the removal of LBX (commit a9ed5a8790), and eliminating it allows more
logical use of sizeof(addr) in length-checked strlcpy & snprintf calls to
write to it.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
*cmdname is initialized to NULL earlier in the function, so it's
okay to overwrite it with NULL if strdup fails, don't need that
extra check.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
As long as we're carrying around a compatibility copy in os/strl*.c,
might as well use them.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Linux test code fixed by: Keith Packard <keithp@keithp.com>
Two instances found in the SIOCGIFCONF code for listing network interfaces.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Any pad bytes in replies are written to the client from a zeroed
array. However, record extension tries to incorrectly access the pad
bytes from the end of reply data.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Reviewed-by: Erkki Seppälä <erkki.seppala@vincit.fi>