frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,846 Commits 293 Branches 13 Tags 61 MiB
Commit Graph

5846 Commits

Author SHA1 Message Date
Kristian Høgsberg dba5455f06 Un-K&R shm extension. 2008-06-11 11:41:44 -04:00
Matthieu Herrb 9171206db3 CVE-2008-2362 - RENDER Extension memory corruption 
Integer overflows can occur in the code validating the parameters for
the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient
and SProcRenderCreateConicalGradient functions, leading to memory
corruption by swapping bytes outside of the intended request
parameters.
 2008-06-11 08:06:10 -06:00
Matthieu Herrb 5257a0f83d CVE-2008-2361 - RENDER Extension crash 
An integer overflow may occur in the computation of the size of the
glyph to be allocated by the ProcRenderCreateCursor() function which
will cause less memory to be allocated than expected, leading later to
dereferencing un-mapped memory, causing a crash of the X server.
 2008-06-11 08:06:10 -06:00
Matthieu Herrb c5f69b297b CVE-2008-2360 - RENDER Extension heap buffer overflow 
An integer overflow may occur in the computation of the size of the
glyph to be allocated by the AllocateGlyph() function which will cause
less memory to be allocated than expected, leading to later heap
overflow.
 2008-06-11 08:06:09 -06:00
Matthieu Herrb 063f18ef6d CVE-2008-1379 - MIT-SHM arbitrary memory read 
An integer overflow in the validation of the parameters of the
ShmPutImage() request makes it possible to trigger the copy of
arbitrary server memory to a pixmap that can subsequently be read by
the client, to read arbitrary parts of the X server memory space.
 2008-06-11 08:06:09 -06:00
Matthieu Herrb 95d162c438 CVE-2008-1377 - RECORD and Security extensions memory corruption 
Lack of validation of the parameters of the
SProcSecurityGenerateAuthorization SProcRecordCreateContext
functions makes it possible for a specially crafted request to trigger
the swapping of bytes outside the parameter of these requests, causing
memory corruption.
 2008-06-11 08:06:09 -06:00
Peter Hutterer 656d5d9885 kdrive: fix wrong use of &, should be | instead. 
Fallout from 26e7e69ab8
 2008-06-11 17:32:59 +09:30
Peter Hutterer 6528eb885d Xext: init firstValuator to zero, otherwise core XTest events may get lost. 2008-06-11 17:24:19 +09:30
Peter Hutterer 6ab311c92d dix: Call RealizeCursor during InitializeSprite. 
RealizeCursor should be called when the cursor is allocated. However, when the
root cursor is allocated, no devices exist yet, and thus RealizeCursor is
never called. This may lead to segfaults lateron in DDXes like Xnest that
actually need to do something for each cursor, and lateron rely on that
DDX-specific data for each cursor has been initialized.
 2008-06-11 17:24:19 +09:30
Peter Hutterer e083b5a075 xnest: wrap the xnest cursor sprite funcs around the mi funcs. 
Modelled after the xfree86 code. Call miDCInitialize to init the SW rendering
engine, then take the pointers, store it in a xnest-local variable, and put
the xnest-specific sprite funcs in place. In the xnest sprite funcs, call
through to the mi sprite funcs after doing xnest-specific stuff.
 2008-06-11 17:24:19 +09:30
Peter Hutterer ea6a02c048 mi: protect mipointrst.h against multiple includes. 2008-06-11 17:24:19 +09:30
Peter Hutterer a3a7c12fcf xfree86: Fix up xf86ScaleAxis 
Some driver still call it, so we might as well work correctly. Always
resetting X to the Sxhigh is sub-optimal.
 2008-06-11 17:24:19 +09:30
Jeremy Huddleston f8431a62d5 XQuartz: Under the new startup model, we no longer need to do the foreground/background dance. 
(cherry picked from commit 4505bae5d7341e1241be50c25cb3d1b941701de4)
 2008-06-10 10:52:04 -07:00
Jeremy Huddleston c180a52332 XQuartz: Removed code path for old startup 
(cherry picked from commit a9ee6b0d00fab01a78408a85e6542e88c19fda7c)
 2008-06-10 10:51:58 -07:00
Roland Scheidegger 49751fee3b glx: copy msaa visual capabilities 2008-06-10 15:40:48 +02:00
Jeremy Huddleston 5170c169db XQuartz: Fixed the "laggy" startup under the new model. This was caused by xinit blocking expecting SIGUSR1 and our stub never sending it. 
(cherry picked from commit ee92aced10d0743c4658e53b58b5d9f5a094a415)
 2008-06-10 01:46:01 -07:00
Jeremy Huddleston 01ace5f3fd XQuartz: Updated icon with more rsolutions and made it more dark-background friendly 
(cherry picked from commit d8cf5623faab952a0f1196c8fe10baa09d1fc089)
 2008-06-10 01:46:00 -07:00
Aaron Plattner 607b0d09ea CreateColormap returns Success on success, not TRUE. 
Fixes a problem where enabling color index overlays disables the RENDER
extension.
 2008-06-09 09:54:25 -07:00
Peter Hutterer 2854abd39d xnest: fix up sprite funcs to stop compiler warnings. 2008-06-08 23:28:28 +09:30
Peter Hutterer c68ca0c7b2 xnest: switch to using EventList rather than xEvents. 2008-06-08 23:28:28 +09:30
Peter Hutterer 34429d16d3 xnest: call miDCInitialize rather than miPointerInitialize. 
This unfortunately gives us a lots of artefacts, so cursor rendering cannot be
assumed complete. But it's better than crashing.
 2008-06-08 23:28:28 +09:30
Peter Hutterer a7d4bec884 mi: remove leftover old license comment. 2008-06-08 23:28:28 +09:30
Peter Hutterer 585125685b ephyr: some whitespace changes. 2008-06-08 23:28:27 +09:30
Julien Cristau 782394fe53 mi: Fix typo in comments about deprecated functions 2008-06-06 12:10:35 +02:00
Michel Dänzer 6b96281100 EXA: Fix exaGetPixmapFirstPixel() crash if the driver has a CreatePixmap hook. 
Fixes http://bugs.freedesktop.org/show_bug.cgi?id=16243
 2008-06-06 11:01:03 +02:00
Peter Hutterer d25ffcfbfc mi: protect against possible NULL-pointer dereference. 2008-06-05 16:14:34 +09:30
Peter Hutterer 874dcdb3bd dmx: remove a ifndef XINPUT, XINPUT is always defined now. 2008-06-05 16:14:29 +09:30
Peter Hutterer 52752911ea dmx: don't free event list after use. 2008-06-05 16:14:23 +09:30
Peter Hutterer 5c5e581245 dmx: add an XFlush. 
Beats me why we need it, but without it we get segfaults lateron.
 2008-06-05 16:14:18 +09:30
Peter Hutterer 246c10441b dmx: fix false memory allocation. 
beNumVisuals and the number of GLX Visuals can be significantly different.
 2008-06-05 16:14:12 +09:30
Peter Hutterer 17cd262257 dmx: don't dereference a nullpointer. 2008-06-05 16:13:58 +09:30
Peter Hutterer 75eb635e35 dmx: add stubs for DeviceCursorInitialize, DeviceCursorCleanup 2008-06-05 16:13:44 +09:30
Peter Hutterer 3ff2f3a00e dmx: for now, don't acknowledge SDs. 2008-06-05 16:13:38 +09:30
Peter Hutterer 5bcd9e8953 dmx: learn about the existence of IsXExtensionPointer and IsXExtensionKeyboard 2008-06-05 16:13:23 +09:30
Peter Hutterer 8da8a0fec4 dmx: claim we support XI 2. 
We don't really, yet, but at least we get the full device list this way.
 2008-06-05 16:13:18 +09:30
Peter Hutterer 6f1d5147cb dmx: fix a segfault caused by GC devPrivates never being initalised. 2008-06-05 16:13:12 +09:30
Peter Hutterer d10ba4591a dmx: some more build fixes. 2008-06-05 16:13:03 +09:30
Paulo Cesar Pereira de Andrade 8d4d0b47a0 gl: include assert.h if we're compiling with DEBUG. 
Signed-off-by: Peter Hutterer <peter@cs.unisa.edu.au>
 2008-06-05 09:19:16 +09:30
Paulo Cesar Pereira de Andrade 8644aa4717 mi: minor build fix when compiling with debug enabled. 
Signed-off-by: Peter Hutterer <peter@cs.unisa.edu.au>
 2008-06-05 08:55:09 +09:30
Peter Hutterer fbf4b5f16a dix: set dst->mapWidth when allocating a new map. 2008-06-05 08:53:34 +09:30
Peter Hutterer ff3adf3e56 xkb: reset xkb_cached_map on CloseDownDevices. 
Could lead to some invalid pointers in the second server generation.
 2008-06-05 08:53:34 +09:30
Jeremy Huddleston 40855d8000 XQuartz: Removed async debugging sleep 
(cherry picked from commit 7812a8bdf9fab651ea5c07b852b2999547ec628d)
 2008-06-04 12:24:15 -07:00
Jeremy Huddleston ee86b75119 XQuartz: use a condition variable to signal when darwinEvents is ready rather than polling 
(cherry picked from commit ff1c443cadf11d12a7d939e51194f6105153870e)
 2008-06-04 12:24:12 -07:00
Jeremy Huddleston 38da26cd36 XQuartz: Don't forget to destroy the mutex and cond after we're done with them 
(cherry picked from commit c3558bb8cd889e5b957190e9f5d23afad1e17b72)
 2008-06-04 12:24:10 -07:00
Jeremy Huddleston ea40fcf434 XQuartz: Fork for trigger 
(cherry picked from commit dd0f8a0f59593d7831fe09a2a086fcd57c84910e)
 2008-06-04 12:24:06 -07:00
Jeremy Huddleston 2393dae6ff XQuartz: Switched over to new startup path for testing. Cleaned it up a bit. Server still crashes when using the icon to launch =/ 
(cherry picked from commit 7f840e9dc180421eaa9b0ea3ab993fdd5b2466e5)
 2008-06-04 12:24:04 -07:00
Peter Hutterer 45b661c67a dix: Fix build with --disable-xinerama #16204 
X.Org Bug 16204 <http://bugs.freedesktop.org/show_bug.cgi?id=16204>
 2008-06-04 13:39:39 +09:30
Peter Hutterer 26e7e69ab8 kdrive: don't post motion event if there was no motion. #16179 
Based on the patch by Tomas Janousek.

X.Org Bug 16179 <http://bugs.freedesktop.org/show_bug.cgi?id=16179>
 2008-06-02 11:11:37 +09:30
Peter Hutterer ac1db45449 xfree86: suspend signals while removing a device (corrected version). 
Block/Release is now symmetrical.
 2008-06-02 10:40:10 +09:30
Peter Hutterer 95ecaa411a Revert "xfree86: suspend signals while removing a device." 
Left the signals blocked hanging after removing a master device.

This reverts commit 74372fd004.
 2008-06-02 10:38:45 +09:30