From 1c08a37e0eb4746e8974eb7a70ca4b7b84712963 Mon Sep 17 00:00:00 2001
From: Sam Lau
Date: Thu, 3 Jun 2010 19:17:14 -0700
Subject: [PATCH 1/3] SecurityResource should not segfault when client owning resource has exited
Fixes OpenSolaris bug 6949754: Xorg crashes when the magnifier is enabled at gdm login greeter window.
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6949754
Signed-off-by: Alan Coopersmith
Reviewed-by: Eamon Walsh
---
Xext/security.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/Xext/security.c b/Xext/security.c
index b37339fa7..7eb95de74 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -805,7 +805,6 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
Mask allowed = SecurityResourceMask;
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
- obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
/* disable background None for untrusted windows */
if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
@@ -831,8 +830,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
allowed |= DixReadAccess;
}
- if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
- return;
+ if (clients[cid] != NULL) {
+ obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
+ if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
+ return;
+ }
SecurityAudit("Security: denied client %d access %x to resource 0x%x "
"of client %d on request %s\n", rec->client->index,
From c5eb5d69e5183860185a05cfcce16af635cab9aa Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Thu, 3 Jun 2010 19:28:43 -0700
Subject: [PATCH 2/3] Record some additional library dependencies in xf86 modules
Helps with symbol resolution when building with -z defs
Signed-off-by: Alan Coopersmith
Reviewed-by: Dan Nicholson
---
configure.ac | 8 +++++++-
fb/Makefile.am | 2 ++
hw/xfree86/int10/Makefile.am | 1 +
3 files changed, 10 insertions(+), 1 deletion(-)
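Review bot: The new `if (clients[cid] != NULL)` guard in the second hunk makes an exited owner fall straight through to the `SecurityAudit` denial, but nothing in the code says that this fail-closed outcome is intended. A comment above the guard, such as `/* owner has exited: no state left to check against, so deny and audit */`, would keep a later cleanup from turning the NULL case into an early return that grants access. The audit line will also name a `cid` whose client is gone, and, if SecurityDoCheck accepts trusted subjects regardless of `obj` (its body is not in this patch), trusted clients are now refused on this path too; both are worth a word in that comment. SecurityResource starts and ends outside the hunk.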
diff --git a/configure.ac b/configure.ac
index 02660a6b4..4ada8f5d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -794,7 +794,7 @@ APPLEWMPROTO="applewmproto >= 1.4"
dnl Core modules for most extensions, et al.
REQUIRED_MODULES="[randrproto >= 1.2.99.3] [renderproto >= 0.11] [fixesproto >= 4.1] [damageproto >= 1.1] [xcmiscproto >= 1.2.0] [xextproto >= 7.0.99.3] [xproto >= 7.0.17] [xtrans >= 1.2.2] [bigreqsproto >= 1.1.0] fontsproto [inputproto >= 1.9.99.902] [kbproto >= 1.0.3]"
-REQUIRED_LIBS="xfont xau [pixman-1 >= 0.15.20]"
+REQUIRED_LIBS="xfont xau"
dnl List of libraries that require a specific version
LIBAPPLEWM="applewm >= 1.4"
@@ -810,6 +810,12 @@ LIBGLIB="glib-2.0 >= 2.16"
LIBUDEV="libudev >= 143"
LIBSELINUX="libselinux >= 2.0.86"
LIBDBUS="dbus-1 >= 1.0"
+LIBPIXMAN="pixman-1 >= 0.15.20"
+
+dnl Pixman is always required, but we separate it out so we can link
+dnl specific modules against it
+PKG_CHECK_MODULES(PIXMAN, $LIBPIXMAN)
+REQUIRED_LIBS="$REQUIRED_LIBS $LIBPIXMAN"
if test "x$CONFIG_UDEV" = xyes && { test "x$CONFIG_DBUS_API" = xyes || test "x$CONFIG_HAL" = xyes; }; then
diff --git a/fb/Makefile.am b/fb/Makefile.am
index 64e49f345..2f3073da8 100644
--- a/fb/Makefile.am
+++ b/fb/Makefile.am
@@ -11,8 +11,10 @@ sdk_HEADERS = fb.h fbrop.h fboverlay.h wfbrename.h fbpict.h
endif
libfb_la_CFLAGS = $(AM_CFLAGS)
+libfb_la_LIBADD = $(PIXMAN_LIBS)
libwfb_la_CFLAGS = $(AM_CFLAGS) -DFB_ACCESS_WRAPPER
+libwfb_la_LIBADD = $(PIXMAN_LIBS)
libfb_la_SOURCES = \
fb.h \
diff --git a/hw/xfree86/int10/Makefile.am b/hw/xfree86/int10/Makefile.am
index 36d2ad0bb..f5ece69ef 100644
--- a/hw/xfree86/int10/Makefile.am
+++ b/hw/xfree86/int10/Makefile.am
@@ -5,6 +5,7 @@ sdk_HEADERS = xf86int10.h
EXTRA_CFLAGS =
libint10_la_LDFLAGS = -avoid-version
+libint10_la_LIBADD = $(PCIACCESS_LIBS)
COMMON_SOURCES = \
helper_exec.c \
From 8ff9b502cfce3828f7855ffba7949d6ebee34031 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Fri, 4 Jun 2010 08:44:02 -0700
Subject: [PATCH 3/3] Solaris: avoid memory leak if AGPIOC_INFO ioctl fails
Move malloc after ioctl, so we don't have to worry about free'ing the memory if the ioctl fails.
[ This bug was found by the Parfait bug checking tool. For more information see http://research.sun.com/projects/parfait ]
Signed-off-by: Alan Coopersmith
Reviewed-by: Mikhail Gusarov
---
hw/xfree86/os-support/solaris/sun_agp.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/xfree86/os-support/solaris/sun_agp.c b/hw/xfree86/os-support/solaris/sun_agp.c
index 734a6e1a6..9db5d6368 100644
--- a/hw/xfree86/os-support/solaris/sun_agp.c
+++ b/hw/xfree86/os-support/solaris/sun_agp.c
@@ -115,12 +115,6 @@ xf86GetAGPInfo(int screenNum)
if (!GARTInit(screenNum))
return NULL;
- if ((info = calloc(sizeof(AgpInfo), 1)) == NULL) {
- xf86DrvMsg(screenNum, X_ERROR,
- "xf86GetAGPInfo: Failed to allocate AgpInfo\n");
- return NULL;
- }
-
if (ioctl(gartFd, AGPIOC_INFO, &agpinf) != 0) {
xf86DrvMsg(screenNum, X_ERROR,
"xf86GetAGPInfo: AGPIOC_INFO failed (%s)\n",
@@ -128,6 +122,12 @@ xf86GetAGPInfo(int screenNum)
return NULL;
}
+ if ((info = calloc(sizeof(AgpInfo), 1)) == NULL) {
+ xf86DrvMsg(screenNum, X_ERROR,
+ "xf86GetAGPInfo: Failed to allocate AgpInfo\n");
+ return NULL;
+ }
+
info->bridgeId = agpinf.agpi_devid;
info->agpMode = agpinf.agpi_mode;
info->base = agpinf.agpi_aperbase;
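Review bot: The re-added allocation in the second hunk keeps `calloc(sizeof(AgpInfo), 1)`, which passes the element size where the count belongs. Since the line is being moved anyway, `if ((info = calloc(1, sizeof(*info))) == NULL) {` reads in the conventional order and stays correct if the type of `info` ever changes; the behaviour is the same either way. xf86GetAGPInfo continues outside the hunk, so any early return added after this point would have to free `info`; none is visible in the lines shown.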