frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

randr: Catch two more potential unset rrScrPriv uses 

Ricardo Salveti <ricardo.salveti@linaro.org> found one place where the
randr code could use the randr screen private data without checking
for null first. This happens when the X server is running with
multiple screens, some of which are randr enabled and some of which
are not. Applications making protocol requests to the non-randr
screens can cause segfaults where the server touches the unset private
structure.

I audited the code and found two more possible problem spots; the
trick to auditing for this issue was to look for functions not taking
a RandR data structure and where there was no null screen private
check above them in the call graph.

Signed-off-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Keith Packard 2012-06-21 18:45:18 -07:00
parent 32603f57ca
commit 855003c333
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
randr/rroutput.c
View File

@ -546,6 +546,7 @@ ProcRRSetOutputPrimary(ClientPtr client)
} }
pScrPriv = rrGetScrPriv(pWin->drawable.pScreen); pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
if (pScrPriv)
RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output); RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
return Success; return Success;

3
randr/rrscreen.c
View File

@ -248,6 +248,9 @@ ProcRRSetScreenSize(ClientPtr client)
pScreen = pWin->drawable.pScreen; pScreen = pWin->drawable.pScreen;
pScrPriv = rrGetScrPriv(pScreen); pScrPriv = rrGetScrPriv(pScreen);
if (!pScrPriv)
return BadMatch;
if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) { if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) {
client->errorValue = stuff->width; client->errorValue = stuff->width;
return BadValue; return BadValue;