XLibre Xserver
Enrico Weigelt, metux IT consult 8c4a015cc2 os: color: fix possible buffer overflow vulnerability
The old approach of builtin color lookup used a binary search of strings
within text blocks (their start offsets defined in the color array).

This could potentially lead to buffer overflow, if the requested color
name far outreaches the text block (e.g. same prefix as some entry near to
the end, but really huge). This alone wouldn't allow remote memory readout
(just comparing), but could possibly trigger page faults (SIGSEGV) or be used
as a building block for some more complex attack.

OTOH, the old approach is also hard to maintain, ugly programming style:
on each change, all the offsets need to be carefully recounted, which is
pretty error-prone.

Both problems are solved by moving to simple, per-entry, char* pointers,
instead of the one large text block.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1313>
2024-02-22 23:33:34 +00:00
.gitlab-ci xwayland: Add XTEST support using EIS 2023-06-26 13:19:19 +02:00
Xext include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
Xi include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
composite composite: Expose CompositeIsImplicitRedirectException 2023-07-18 09:34:39 +00:00
config Fix build on OpenBSD. 2024-02-17 16:14:23 +01:00
damageext Remove autotools support 2021-10-27 13:15:40 +03:00
dbe Remove autotools support 2021-10-27 13:15:40 +03:00
dix include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
doc Remove autotools support 2021-10-27 13:15:40 +03:00
dri3 dri3: Don't compute intersection with drawable modifiers 2023-01-20 17:56:54 +00:00
exa replace _X_INLINE by inline in internal static functions 2024-02-05 19:26:14 +00:00
fb fb: Fix 1bpp Xservers on "whitePixel=0, blackPixel=1" VRAMs 2024-01-03 19:43:16 +00:00
glamor glamor: Fall back for mixed depth 24/32 in glamor_set_alu 2024-01-11 10:03:10 +00:00
glx drop remains of support for old Sun compilers 2024-02-19 09:21:36 +00:00
hw xfree86: drop remains of old USL compiler 2024-02-19 09:21:36 +00:00
include include: os: fix return value of OsLookupColor() 2024-02-22 23:33:34 +00:00
m4 Add ax_pthread.m4 to m4/ 2016-05-29 19:20:51 -07:00
man Disallow byte-swapped clients by default 2023-01-06 11:59:37 +10:00
mi include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
miext include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
os os: color: fix possible buffer overflow vulnerability 2024-02-22 23:33:34 +00:00
present modesetting: unflip before any setcrtc() calls 2023-12-16 04:36:39 +00:00
pseudoramiX Remove autotools support 2021-10-27 13:15:40 +03:00
randr Removing the code that deletes an existing monitor in RRMonitorAdd 2023-12-17 18:55:50 +00:00
record record: Support architectures with sizeof(void*) > sizeof(long) 2023-12-17 19:30:52 +00:00
render glamor: fix CbCr format handling 2022-12-01 08:41:57 +00:00
test xkb: drop defining XKBSRV_NEED_FILE_FUNCS 2024-02-19 00:44:15 +00:00
xfixes Remove "All rights reserved" from Oracle copyright notices 2023-02-25 09:40:41 -08:00
xkb xkb: drop defining XKBSRV_NEED_FILE_FUNCS 2024-02-19 00:44:15 +00:00
.appveyor.yml appveyor: Add libxcvt build dep 2021-11-04 13:03:25 +00:00
.dir-locals.el .dir-locals.el: Add missing final newline 2019-10-01 17:05:28 +00:00
.gitignore Clean up the .gitignore file 2024-01-12 00:50:24 +00:00
.gitlab-ci.yml ci: Prevent duplicate pipelines for MRs 2024-01-08 01:11:21 +00:00
.mailmap Add a .mailmap file to canonicalize author names and emails 2023-03-15 18:10:51 +00:00
.travis.yml travis: Add OSX meson build to matrix 2019-05-02 15:42:58 +00:00
COPYING modesetting: Merge modesetting's COPYING into the xserver's. 2014-09-15 12:46:02 -07:00
README.md Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
meson.build build: Switch to meson 0.56 2024-01-08 10:38:05 +00:00
meson_options.txt meson: add option for systemd_notify 2024-01-08 01:23:55 +00:00
xorg-server.m4 xorg-server.m4: just all cflags instead of just sdkdir 2018-09-20 20:12:24 +01:00
xorg-server.pc.in xfree86: link modules against Xorg symbols on Cygwin 2012-04-05 21:57:07 -05:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

X Server

The X server accepts requests from client applications to create windows, which are (normally rectangular) "virtual screens" that the client program can draw into.

Windows are then composed on the actual screen by the X server (or by a separate composite manager) as directed by the window manager, which usually communicates with the user via graphical controls such as buttons and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the following article: https://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the Xorg mailing list:

https://lists.freedesktop.org/mailman/listinfo/xorg

The primary development code repository can be found at:

https://gitlab.freedesktop.org/xorg/xserver

For patch submission instructions, see:

https://www.x.org/wiki/Development/Documentation/SubmittingPatches

As with other projects hosted on freedesktop.org, X.Org follows its Code of Conduct, based on the Contributor Covenant. Please conduct yourself in a respectful and civilized manner when using the above mailing lists, bug trackers, etc:

https://www.freedesktop.org/wiki/CodeOfConduct