Aaron Plattner 587c3a2d19 Bug #22804: Reject out of bounds XGetImage requests
The XGetImage man page states:

    If the drawable is a window, the window must be viewable, and it must be the
    case that if there were no inferiors or overlapping windows, the specified
    rectangle of the window would be fully visible on the screen and wholly
    contained within the outside edges of the window, or a BadMatch error
    results.  Note that the borders of the window can be included and read with
    this request.

However, the server was only checking the requested region against the screen
bounds, allowing XGetImage requests to read pixels outside the bounds of a
window's ancestors.  Normally, this would just read other pixels from the
screen, but if one of the ancestor windows is redirected, the window's backing
pixmap may be smaller than the window itself.

This change checks the region against the window's bounding drawable, which is
either the screen pixmap, a redirected window's backing pixmap, or the root
window for servers that don't support GetWindowPixmap.

Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2009-07-22 12:52:49 -07:00
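
The difference between the two checks in the commit message above, as an added illustration that is not the X server's own code. The `rect` and `window` structures, the function names and the window geometry are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>

enum { SUCCESS = 0, BAD_MATCH = 8 };  /* X11 core protocol codes */
/* Hypothetical simplified model, not the X server's own structures. */
struct rect { int x, y, w, h; };      /* screen coords; 16-bit in the protocol */
struct window {
    struct rect geom;                 /* outside edges of the window */
    const struct rect *backing;       /* backing pixmap area if redirected */
    const struct window *parent;
};

static bool contains(struct rect outer, struct rect r)
{
    return r.w > 0 && r.h > 0 && r.x >= outer.x && r.y >= outer.y &&
           r.x + r.w <= outer.x + outer.w && r.y + r.h <= outer.y + outer.h;
}

/* Nearest redirected window's backing pixmap, else the screen pixmap. */
static struct rect bounding_drawable(const struct window *w, struct rect screen)
{
    for (; w != NULL; w = w->parent)
        if (w->backing != NULL) return *w->backing;
    return screen;
}

/* req is window-relative; check_bounding selects the corrected check. */
static int get_image_check(const struct window *w, struct rect screen,
                           struct rect req, bool check_bounding)
{
    struct rect area = { w->geom.x + req.x, w->geom.y + req.y, req.w, req.h };
    struct rect limit = check_bounding ? bounding_drawable(w, screen) : screen;
    return contains(w->geom, area) && contains(limit, area) ? SUCCESS : BAD_MATCH;
}

/* Constructed scenario: 400x400 child of a redirected 200x200 parent. */
static int scenario(int width, int height, bool check_bounding)
{
    static const struct rect screen = { 0, 0, 1024, 768 };
    static const struct rect pixmap = { 100, 100, 200, 200 };
    static const struct window parent = { { 100, 100, 200, 200 }, &pixmap, NULL };
    static const struct window child = { { 150, 150, 400, 400 }, NULL, &parent };
    return get_image_check(&child, screen, (struct rect){ 0, 0, width, height }, check_bounding);
}

int main(void)
{
    printf("old=%d new=%d\n", scenario(300, 300, false), scenario(300, 300, true));
    return 0;
}
```

The 300x300 request lies inside both the child window and the screen, so the screen-only check accepts it even though it extends past the parent's 200x200 backing pixmap.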
composite Correct some Sun license notices to Sun's standard X11 license format 2009-05-15 11:24:15 -07:00
config config: fix build after XI2 API changes to RemoveDevice. 2009-06-07 20:35:14 +10:00
damageext Fix most remaining deprecated resource lookups. 2009-04-29 01:04:37 -04:00
dbe dbe: Fix indentation 2009-07-17 14:57:50 -04:00
dix Bug #22804: Reject out of bounds XGetImage requests 2009-07-22 12:52:49 -07:00
doc Xephyr & Xserver man page fixes 2009-07-07 17:36:24 -07:00
exa EXA: Make Prepare/FinishAccess tracking resilient to repeated / nested calls. 2009-07-21 14:34:13 +02:00
fb Reserve space for two GC values in copy_drawable(). 2009-07-09 17:23:04 -04:00
glx glx: switch to byte counting functions 2009-07-14 10:13:44 +10:00
hw Cygwin/X: winInitMultiWindowClass() should be static 2009-07-21 16:19:40 +01:00
include XQuartz: Initial support for automatic updates through Sparkle 2009-07-20 22:04:18 -07:00
m4 Add shave so that we can see the steaming piles of warnings generated. 2009-04-14 10:35:44 -04:00
mi Check dev->u.master if there is a custom event handler, too 2009-07-17 14:40:54 +10:00
miext Cygwin/X: Fix multiwindow extwm mode to build again 2009-06-29 18:00:03 +01:00
os Update to xextproto 7.0.99.1. 2009-07-15 17:00:05 +10:00
randr randr: switch to byte counting functions 2009-07-14 10:14:01 +10:00
record record: switch to byte counting functions 2009-07-14 10:14:02 +10:00
render Render: Add support for the PDF blend mode operators. 2009-07-15 00:37:05 +02:00
test input: remove XI2 keysym grabs, use keycode grabs instead. 2009-07-22 12:12:51 +10:00
Xext Xext: include securproto.h instead of securstr.h 2009-07-17 14:40:54 +10:00
xfixes xfixes: switch to byte counting functions 2009-07-14 10:14:02 +10:00
Xi input: remove XI2 keysym grabs, use keycode grabs instead. 2009-07-22 12:12:51 +10:00
xkb xkb: cosmetic fix, use TRUE instead of True. 2009-07-16 09:29:17 +10:00
.gitignore Add shave so that we can see the steaming piles of warnings generated. 2009-04-14 10:35:44 -04:00
autogen.sh autogen.sh: Pass --force to autoreconf 2008-07-22 16:55:26 +03:00
configure.ac input: remove XI2 keysym grabs, use keycode grabs instead. 2009-07-22 12:12:51 +10:00
COPYING Correct some Sun license notices to Sun's standard X11 license format 2009-05-15 11:24:15 -07:00
cpprules.in For MANDEFS, also replace __mandir__ for $(mandir) which includes 2006-12-08 15:51:44 -06:00
Makefile.am Add test subdir to base Makefile.am 2009-07-14 11:40:46 +10:00
shave-libtool.in Add shave so that we can see the steaming piles of warnings generated. 2009-04-14 10:35:44 -04:00
shave.in Add shave so that we can see the steaming piles of warnings generated. 2009-04-14 10:35:44 -04:00
xorg-server.m4 Add xorg-server.m4 for driver dependency checking. 2005-11-01 15:01:51 +00:00
xorg-server.pc.in Since font modules are dead, don't mention them in xorg-server.pc 2009-07-09 17:21:07 -04:00