These files haven't been auto-generated, but instead manually changed for
at least over a decade now, so these warnings have become wrong.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1728>
It's just a local header, doing nothing more than including misc.h,
so we can just include misc.h directly and drop glxbyteorder.h
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1728>
The cleanup function for GBM is called on the various error paths.
Once xwl_glamor_gbm_cleanup() has been called, GBM support is no longer
usable (and the corresponding data structures are freed), so there is
no way we can keep using GLAMOR after that point.
Make sure to explicitly disable GLAMOR support in that case, so we do
not crash later on trying to use GBM.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1768>
Consider the following keymap:
```xkb
xkb_keymap {
xkb_keycodes {
<compose> = 135;
};
xkb_symbols {
key <compose> {
[ SetGroup(group = +1) ]
};
};
};
```
When the user presses the compose key, the following happens:
1. The compositor forwards the key to Xwayland.
2. Xwayland executes the SetGroup action and sets the base_group to 1
and the effective group to 1.
3. The compositor updates its own state and sends the effective group,
1, to Xwayland.
4. Xwayland sets the locked group to 1 and the effective group to
1 + 1 = 2.
This is wrong since pressing compose should set the effective group to 1
but to X applications the effective group appears to be 2.
This commit makes it so that Xwayland completely ignores the key
behaviors and actions of the keymap and only updates the modifier and
group components in response to the wayland modifiers events.
Signed-off-by: Julian Orth <ju.orth@gmail.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1758>
Support for using inet_ntop() was originally added to support IPv6,
and only used for IPv6 addresses in AuthAudit(). Two decades later,
support for inet_ntop() is ubiquitous and OS'es have marked inet_ntoa()
as deprecated, so use the modern interface for IPv4 as well now.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1760>
Support for using getaddrinfo() was originally added to support IPv6,
and only used if IPv6 support was enabled. Two decades later, support
for getaddrinfo() is ubiquitous and OS'es have marked gethostbyname()
as deprecated, so use the modern interface whenever we can now.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1760>
The supported color depths is a hardcoded list for now, so we
need to honor the value exposed there otherwise we'll get
inconsistencies between what glXGetFBConfigs and XListDepths
report to applications.
Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1764>
This way the caller knows if the conversion failed.
While at it, check for width/height at the same time.
Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1764>
Generating the modifier modmap, the helper function generate_modkeymap()
would check the entire range up to the MAP_LENGTH.
However, the given keymap might have less keycodes than MAP_LENGTH, in
which case we would go beyond the size of the modmap, as reported by
ASAN:
==ERROR: AddressSanitizer: heap-buffer-overflow
READ of size 1 at 0x5110001c225b thread T0
#0 0x5e7369393873 in generate_modkeymap ../dix/inpututils.c:309
#1 0x5e736930dcce in ProcGetModifierMapping ../dix/devices.c:1794
#2 0x5e7369336489 in Dispatch ../dix/dispatch.c:550
#3 0x5e736934407d in dix_main ../dix/main.c:275
#5 0x7e46d47b2ecb in __libc_start_main
#6 0x5e73691be324 in _start (xserver/build/hw/xwayland/Xwayland)
Address is located 0 bytes after 219-byte region
allocated by thread T0 here:
#0 0x7e46d4cfc542 in realloc
#1 0x5e73695aa90e in _XkbCopyClientMap ../xkb/xkbUtils.c:1142
#2 0x5e73695aa90e in XkbCopyKeymap ../xkb/xkbUtils.c:1966
#3 0x5e73695b1b2f in XkbDeviceApplyKeymap ../xkb/xkbUtils.c:2023
#4 0x5e73691c6c18 in keyboard_handle_keymap ../hw/xwayland/xwayland-input.c:1194
As MAP_LENGTH is used in various code paths where the max keycode might
not be easily available, best is to always use MAP_LENGTH to allocate the
keymaps so that the code never run past the buffer size.
If the max key code is smaller than the MAP_LENGTH limit, fill-in the gap
with zeros.
That also simplifies the code slightly as we do not constantly need to
reallocate the keymap to adjust to the max key code size.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1780
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1762>
Currently, Xwayland creates a pixmap backed by shared memory buffer as
soon as an X11 cursor is realized, which is destroyed when the cursor is
eventually unrealized.
If an X11 client is leaking cursors, Xwayland will be creating new
pixmaps continuously, which will eventually cause an error once the
limit is reached, and get Xwayland killed.
However, we do not need the shared memory buffer to stay around, we
already have the buffer retention mechanism which will take care of
keeping the buffer around until the Wayland compositor is done with it,
so we could just create and destroy the pixmap as needed when setting
the cursor.
That would not fix the leak in the X11 application, yet that would
mitigate the risk of Xwayland being killed by reaching the shared memory
limits, until the client itself reaches the limit of X11 resources.
v2: Don't increase the pixmap refcnt to destroy it just after (Michel)
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Suggested-by: Michel Dänzer <michel@daenzer.net>
See-also: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1773
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1754>
git supports ignoring specific revs during git blame, configured via
$ git config blame.ignoreRevsFile .git-blame-ignore-revs
Let's make this easier for developers to set up, starting with the
one massive coding style change commit.
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1748>
For the Wayland compositors who do not implement XkbBellNotifyMask but
support the Wayland protocol xdg-system-bell, use that to ring the
bell.
v2: Be more selective on the device, make sure it's a keyboard and it
has core events.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1742>
If any dependency that a DDX requires is missing, the build of the DDX
will be automatically disabled, and the CI check will succeed.
We want the build to fail if any of the expected DDX cannot be built in
the CI, so let's force-enable them at build time.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
v2: Use a variable for the DDX build args (Peter Hutterer
<peter.hutterer@who-t.net>)
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1743>
Found by clang 13.0.1:
../xkb/xkbtext_priv.h:5:9: warning: '_XSERVER_XKB_XKBTEXT_PRIV_H' is used
as a header guard here, followed by #define of a different macro
[-Wheader-guard]
#ifndef _XSERVER_XKB_XKBTEXT_PRIV_H
^~~~~~~~~~~~~~~~~~~~~~~~~~~
../xkb/xkbtext_priv.h:6:9: note: '_XSERVER_XKB_XKBTEXt_PRIV_H' is defined
here; did you mean '_XSERVER_XKB_XKBTEXT_PRIV_H'?
#define _XSERVER_XKB_XKBTEXt_PRIV_H
^~~~~~~~~~~~~~~~~~~~~~~~~~~
_XSERVER_XKB_XKBTEXT_PRIV_H
Fixes: 434044cb0 ("xkb: unexport functions from xkbtext.c")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1740>
Needed to build with IPv6 disabled using gcc 14 on some platforms to avoid:
In file included from /usr/X11/include/X11/Xtrans/transport.c:67,
from xstrans.c:17:
/usr/X11/include/X11/Xtrans/Xtranssock.c: In function ‘_XSERVTransSocketOpen’:
/usr/X11/include/X11/Xtrans/Xtranssock.c:467:28: error: passing argument 5
of ‘getsockopt’ from incompatible pointer type [-Wincompatible-pointer-types]
467 | (char *) &val, &len) == 0 && val < 64 * 1024)
| ^~~~
| |
| size_t * {aka long unsigned int *}
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1736>
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).
CVE-2024-9632, ZDI-CAN-24756
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1733>
Found by Oracle Parfait 13.3 static analyzer:
Memory leak [memory-leak]:
Memory leak of pointer event allocated with calloc(1, 16)
at line 470 of hw/xfree86/drivers/modesetting/present.c in
function 'ms_present_unflip'.
event allocated at line 431 with calloc(1, 16)
event leaks when ms_present_check_unflip(...) == 0 at line 438
and i >= config->num_crtc at line 445
Fixes: 13c7d53df ("modesetting: Implement page flipping support for Present.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
Previously, it was looping through sizeof(ev->valuators.mask) * 8
valuators, where valuators.mask is defined as an array of
(MAX_VALUATORS + 7) / 8 entries. Since MAX_VALUATORS is defined as 36,
this made it actually loop through 40 entries. The last 4 bits in this
array should never be set, so we should never access memory outside the
bounds of the arrays defined to be exactly MAX_VALUATORS in length, but
we can make the static analyzer happier and not waste time checking bits
that should never be set.
Found by Oracle Parfait 13.3 static analyzer:
Read outside array bounds [read-outside-array-bounds]:
In array dereference of ev->valuators.data[i] with index i
Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39
at line 741 of dix/eventconvert.c in function 'eventToDeviceEvent'.
Read outside array bounds [read-outside-array-bounds]:
In array dereference of ev->valuators.data[i] with index i
Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39
at line 808 of dix/eventconvert.c in function 'eventToRawEvent'.
Read outside array bounds [read-outside-array-bounds]:
In array dereference of ev->valuators.data_raw[i] with index i
Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39
at line 809 of dix/eventconvert.c in function 'eventToRawEvent'.
Fixes: b2ba77bac ("dix: add EventToXI2 and GetXI2Type.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
Found by Oracle Parfait 13.3 static analyzer:
Buffer Overflow in STD C function [buffer-overflow-call-stdc]:
Buffer overflow in call to memcpy. Buffer &bev->buttons[4] of
size 24 is written at an offset of 28
Array size is 28 bytes, index is 32
at line 743 of dix/enterleave.c in function
'DeliverStateNotifyEvent'.
Fixes: a85f0d6b9 ("Xi: fix use of button->down - bitflags instead of int arrays.")
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
Found by Oracle Parfait 13.3:
Null pointer dereference [null-pointer-deref]:
Read from null pointer pVisual
at line 257 of dix/colormap.c in function 'CreateColormap'.
Null pointer introduced at line 412 of render/picture.c in
function 'PictureFindVisual'.
Constant 'NULL' passed into function CreateColormap, argument
pVisual, from call at line 431 in function
'PictureInitIndexedFormat'.
Function PictureFindVisual may return constant 'NULL' at
line 412, called at line 429.
Fixes: d4a101d4e ("Integration of DAMAGE-XFIXES branch to trunk")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
The comments in that function say "This only happens if master is a
slave device. don't do that" but static analysis doesn't respect that.
Found by Oracle Parfait 13.3:
Null pointer dereference [null-pointer-deref]:
Read from null pointer XTestptr
at line 274 of Xi/xichangehierarchy.c in function 'remove_master'.
Null pointer introduced at line 691 of Xext/xtest.c in function
'GetXTestDevice'.
Function GetXTestDevice may return constant 'NULL' at line 691,
called at line 273 of Xi/xichangehierarchy.c in function
'remove_master'.
Null pointer dereference [null-pointer-deref]:
Read from null pointer XTestkeybd
at line 279 of Xi/xichangehierarchy.c in function 'remove_master'.
Null pointer introduced at line 691 of Xext/xtest.c in function
'GetXTestDevice'.
Function GetXTestDevice may return constant 'NULL' at line 691,
called at line 278 of Xi/xichangehierarchy.c in function
'remove_master'.
Fixes: 0814f511d ("input: store the master device's ID in the devPrivate for XTest devices.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
Found by Oracle Parfait 13.3 static analyzer:
Memory leak [memory-leak]:
Memory leak of pointer optname allocated with asprintf(&optname,
"\"%s\"", p->name)
at line 326 of hw/xfree86/common/xf86Configure.c in function
'configureDeviceSection'.
optname allocated at line 309 with asprintf(&optname, "\"%s\"",
p->name)
Fixes: code inherited from XFree86
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
If the compiler knows of a better algorithm for counting the number of
bits set in a word for the target CPU, let it use that, instead of the
classic algorithm optimized for PDP-6.
Based on xorg/lib/libxext@490a25e6f8a4d2482af4364c700b68ad11a4d10b
v2: make old version static inline, stop exporting after !1695
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1674>