From 2be3b5bcdbd4cedbc8a4164315df6ee16cba8cfa Mon Sep 17 00:00:00 2001 From: stefan11111 Date: Mon, 30 Jun 2025 23:39:34 +0300 Subject: [PATCH] Xext: revert 92ba36008e11fa82ebf99a2502465926d9b3e46b This commit calls free() on a pointer with an offset. I tried fixing just this, but the vidmode extension was still broken. Signed-off-by: stefan11111 --- Xext/vidmode.c | 107 +++++++++++++++++++++++++------------------------ 1 file changed, 55 insertions(+), 52 deletions(-) diff --git a/Xext/vidmode.c b/Xext/vidmode.c index f9bbf9830..a876fdd90 100644 --- a/Xext/vidmode.c +++ b/Xext/vidmode.c @@ -1229,20 +1229,14 @@ ProcVidModeLockModeSwitch(ClientPtr client) return Success; } -static inline CARD32 _combine_f(vidMonitorValue a, vidMonitorValue b, Bool swapped) -{ - CARD32 buf = - ((unsigned short) a.f) | - ((unsigned short) b.f << 16); - if (swapped) - swapl(&buf); - return buf; -} - static int ProcVidModeGetMonitor(ClientPtr client) { REQUEST(xXF86VidModeGetMonitorReq); + CARD32 *hsyncdata, *vsyncdata; + ScreenPtr pScreen; + VidModePtr pVidMode; + int i, nHsync, nVrefresh, vendorLength = 0, modelLength = 0; DEBUG_P("XF86VidModeGetMonitor"); @@ -1250,23 +1244,24 @@ ProcVidModeGetMonitor(ClientPtr client) if (stuff->screen >= screenInfo.numScreens) return BadValue; - ScreenPtr pScreen = screenInfo.screens[stuff->screen]; + pScreen = screenInfo.screens[stuff->screen]; - VidModePtr pVidMode = VidModeGetPtr(pScreen); + pVidMode = VidModeGetPtr(pScreen); if (pVidMode == NULL) return BadImplementation; - const int nHsync = pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_NHSYNC, 0).i; - const int nVrefresh = pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_NVREFRESH, 0).i; + nHsync = pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_NHSYNC, 0).i; + nVrefresh = pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_NVREFRESH, 0).i; - const char *vendorStr = (const char*)pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VENDOR, 0).ptr; - const char *modelStr = (const char*)pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_MODEL, 0).ptr; + if ((char *) (pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VENDOR, 0)).ptr) + vendorLength = strlen((char *) (pVidMode->GetMonitorValue(pScreen, + VIDMODE_MON_VENDOR, + 0)).ptr); - const int vendorLength = (vendorStr ? strlen(vendorStr) : 0); - const int modelLength = (modelStr ? strlen(modelStr) : 0); - - const int nVendorItems = bytes_to_int32(pad_to_int32(vendorLength)); - const int nModelItems = bytes_to_int32(pad_to_int32(modelLength)); + if ((char *) (pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_MODEL, 0)).ptr) + modelLength = strlen((char *) (pVidMode->GetMonitorValue(pScreen, + VIDMODE_MON_MODEL, + 0)).ptr); xXF86VidModeGetMonitorReply rep = { .type = X_Reply, @@ -1276,51 +1271,59 @@ ProcVidModeGetMonitor(ClientPtr client) .vendorLength = vendorLength, .modelLength = modelLength, .length = bytes_to_int32(sizeof(xXF86VidModeGetMonitorReply) - - sizeof(xGenericReply)) - + nHsync + nVrefresh + nVendorItems + nModelItems + sizeof(xGenericReply) + + (nHsync + nVrefresh) * sizeof(CARD32) + + pad_to_int32(vendorLength) + + pad_to_int32(modelLength)), }; - const int buflen = nHsync * nVrefresh + nVendorItems + nModelItems; - - CARD32 *sendbuf = calloc(buflen, sizeof(CARD32)); - if (!sendbuf) + hsyncdata = calloc(nHsync, sizeof(CARD32)); + if (!hsyncdata) { return BadAlloc; + } + vsyncdata = calloc(nVrefresh, sizeof(CARD32)); - CARD32 *bufwalk = sendbuf; - - for (int i = 0; i < nHsync; i++) { - *bufwalk = _combine_f(pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_HSYNC_LO, i), - pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_HSYNC_HI, i), - client->swapped); - bufwalk++; + if (!vsyncdata) { + free(hsyncdata); + return BadAlloc; } - for (int i = 0; i < nVrefresh; i++) { - *bufwalk = _combine_f(pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VREFRESH_LO, i), - pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VREFRESH_HI, i), - client->swapped); - bufwalk++; + for (i = 0; i < nHsync; i++) { + hsyncdata[i] = (unsigned short) (pVidMode->GetMonitorValue(pScreen, + VIDMODE_MON_HSYNC_LO, + i)).f | + (unsigned + short) (pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_HSYNC_HI, + i)).f << 16; + } + for (i = 0; i < nVrefresh; i++) { + vsyncdata[i] = (unsigned short) (pVidMode->GetMonitorValue(pScreen, + VIDMODE_MON_VREFRESH_LO, + i)).f | + (unsigned + short) (pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VREFRESH_HI, + i)).f << 16; } - - memcpy(sendbuf, - pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VENDOR, 0).ptr, - vendorLength); - sendbuf += nVendorItems; - - memcpy(sendbuf, - pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_MODEL, 0).ptr, - modelLength); - sendbuf += nModelItems; if (client->swapped) { swaps(&rep.sequenceNumber); swapl(&rep.length); + SwapLongs(hsyncdata, sizeof(hsyncdata)); + SwapLongs(vsyncdata, sizeof(vsyncdata)); } - WriteToClient(client, SIZEOF(xXF86VidModeGetMonitorReply), &rep); - WriteToClient(client, buflen * sizeof(CARD32), sendbuf); + WriteToClient(client, sizeof(hsyncdata), hsyncdata); + WriteToClient(client, sizeof(vsyncdata), vsyncdata); + if (rep.vendorLength) + WriteToClient(client, rep.vendorLength, + (pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_VENDOR, 0)).ptr); + if (rep.modelLength) + WriteToClient(client, rep.modelLength, + (pVidMode->GetMonitorValue(pScreen, VIDMODE_MON_MODEL, 0)).ptr); + + free(hsyncdata); + free(vsyncdata); - free(sendbuf); return Success; }