[Xquartz-changes] xserver: Branch 'master' - 6 commits
Jeremy Huddleston
jeremyhu at freedesktop.org
Wed Jan 1 11:11:35 PST 2014
hw/xquartz/applewm.c | 16 ++++++++++++++++
hw/xquartz/mach-startup/stub.c | 4 ++++
hw/xquartz/quartz.c | 3 +++
hw/xquartz/xpr/appledri.c | 10 ++++++++++
4 files changed, 33 insertions(+)
New commits:
commit 7160409207553404ae33eb5d5964b4d54d2adfcf
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Wed Jan 1 11:10:41 2014 -0800
XQuartz: Avoid passing uninitialized pointers to X11ApplicationSetWindowMenu in AppleWMSetWindowMenu
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/applewm.c b/hw/xquartz/applewm.c
index c4e5f4a..0d734bd 100644
--- a/hw/xquartz/applewm.c
+++ b/hw/xquartz/applewm.c
@@ -398,6 +398,15 @@ ProcAppleWMSetWindowMenu(register ClientPtr client)
break;
}
}
+
+ /* Check if we bailed out of the above loop due to a request that was too long */
+ if (j < nitems) {
+ free(items);
+ free(shortcuts);
+
+ return BadRequest;
+ }
+
X11ApplicationSetWindowMenu(nitems, items, shortcuts);
free(items);
free(shortcuts);
commit 23fd3330f51e11bc5f748c2278bff65c06cb73f5
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Wed Jan 1 11:04:07 2014 -0800
XQuartz: Check for allocated memory before using it in AppleWMSetWindowMenu
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/applewm.c b/hw/xquartz/applewm.c
index aea0a45..c4e5f4a 100644
--- a/hw/xquartz/applewm.c
+++ b/hw/xquartz/applewm.c
@@ -378,6 +378,13 @@ ProcAppleWMSetWindowMenu(register ClientPtr client)
items = malloc(sizeof(char *) * nitems);
shortcuts = malloc(sizeof(char) * nitems);
+ if (!items || !shortcuts) {
+ free(items);
+ free(shortcuts);
+
+ return BadAlloc;
+ }
+
max_len = (stuff->length << 2) - sizeof(xAppleWMSetWindowMenuReq);
bytes = (char *)&stuff[1];
commit 6319f49c82983c502bcb76a2d0b141db0cec55ff
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Wed Jan 1 11:00:40 2014 -0800
XQuartz: Silence a clang static analysis warning about a memory leak
It seems the alanyzer can't comprehend dixSetPrivate().
quartz.c:119:12: warning: Potential leak of memory pointed to by 'displayInfo'
return quartzProcs->AddScreen(index, pScreen);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/quartz.c b/hw/xquartz/quartz.c
index 5b977c7..bc6c8d0 100644
--- a/hw/xquartz/quartz.c
+++ b/hw/xquartz/quartz.c
@@ -109,11 +109,14 @@ Bool
QuartzAddScreen(int index,
ScreenPtr pScreen)
{
+ // The clang static analyzer thinks we leak displayInfo here
+#ifndef __clang_analyzer__
// allocate space for private per screen Quartz specific storage
QuartzScreenPtr displayInfo = calloc(sizeof(QuartzScreenRec), 1);
// QUARTZ_PRIV(pScreen) = displayInfo;
dixSetPrivate(&pScreen->devPrivates, quartzScreenKey, displayInfo);
+#endif /* __clang_analyzer__ */
// do Quartz mode specific initialization
return quartzProcs->AddScreen(index, pScreen);
commit 5e9aea54967340a9c9e47f436e5ade9dca380b91
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Wed Jan 1 10:55:10 2014 -0800
XQuartz: Silence a clang static analysis warning about a possible memory leak on exit
stub.c:356:9: warning: Potential leak of memory pointed to by 'newargv'
asl_log(aslc, NULL, ASL_LEVEL_ERR,
^~~~~~~
stub.c:356:9: warning: Potential leak of memory pointed to by 'newenvp'
asl_log(aslc, NULL, ASL_LEVEL_ERR,
^~~~~~~
2 warnings generated.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/mach-startup/stub.c b/hw/xquartz/mach-startup/stub.c
index b5a3168..756e4ef 100644
--- a/hw/xquartz/mach-startup/stub.c
+++ b/hw/xquartz/mach-startup/stub.c
@@ -353,6 +353,10 @@ main(int argc, char **argv, char **envp)
newenvp = (string_array_t)calloc((1 + envpc), sizeof(string_t));
if (!newargv || !newenvp) {
+ /* Silence the clang static analyzer */
+ free(newargv);
+ free(newenvp);
+
asl_log(aslc, NULL, ASL_LEVEL_ERR,
"Xquartz: Memory allocation failure");
return EXIT_FAILURE;
commit 69b3b9b945371a0bcf389cffa47287cfb278f1ad
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Wed Jan 1 10:47:52 2014 -0800
XQuartz: Validate length in appledri before swapping
Avoids potential memory corruption from bad requests
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c
index d7e9844..7757465 100644
--- a/hw/xquartz/xpr/appledri.c
+++ b/hw/xquartz/xpr/appledri.c
@@ -406,6 +406,7 @@ SProcAppleDRIQueryDirectRenderingCapable(register ClientPtr client)
{
REQUEST(xAppleDRIQueryDirectRenderingCapableReq);
swaps(&stuff->length);
+ REQUEST_SIZE_MATCH(xAppleDRIQueryDirectRenderingCapableReq);
swapl(&stuff->screen);
return ProcAppleDRIQueryDirectRenderingCapable(client);
}
@@ -415,6 +416,7 @@ SProcAppleDRIAuthConnection(register ClientPtr client)
{
REQUEST(xAppleDRIAuthConnectionReq);
swaps(&stuff->length);
+ REQUEST_SIZE_MATCH(xAppleDRIAuthConnectionReq);
swapl(&stuff->screen);
swapl(&stuff->magic);
return ProcAppleDRIAuthConnection(client);
@@ -425,6 +427,7 @@ SProcAppleDRICreateSurface(register ClientPtr client)
{
REQUEST(xAppleDRICreateSurfaceReq);
swaps(&stuff->length);
+ REQUEST_SIZE_MATCH(xAppleDRICreateSurfaceReq);
swapl(&stuff->screen);
swapl(&stuff->drawable);
swapl(&stuff->client_id);
@@ -436,6 +439,7 @@ SProcAppleDRIDestroySurface(register ClientPtr client)
{
REQUEST(xAppleDRIDestroySurfaceReq);
swaps(&stuff->length);
+ REQUEST_SIZE_MATCH(xAppleDRIDestroySurfaceReq);
swapl(&stuff->screen);
swapl(&stuff->drawable);
return ProcAppleDRIDestroySurface(client);
@@ -446,6 +450,7 @@ SProcAppleDRICreatePixmap(register ClientPtr client)
{
REQUEST(xAppleDRICreatePixmapReq);
swaps(&stuff->length);
+ REQUEST_SIZE_MATCH(xAppleDRICreatePixmapReq);
swapl(&stuff->screen);
swapl(&stuff->drawable);
return ProcAppleDRICreatePixmap(client);
@@ -456,6 +461,7 @@ SProcAppleDRIDestroyPixmap(register ClientPtr client)
{
REQUEST(xAppleDRIDestroyPixmapReq);
swaps(&stuff->length);
+ REQUEST_SIZE_MATCH(xAppleDRIDestroyPixmapReq);
swapl(&stuff->drawable);
return ProcAppleDRIDestroyPixmap(client);
}
commit 254c4f355f84076b4eeee8a450d4d2d911ab7960
Author: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Date: Wed Jan 1 10:39:56 2014 -0800
XQuartz: Validate screen in AppleDRIQueryDirectRenderingCapable requests
Return an error to the caller rather than crashing the server on
invalid screens.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c
index 9aac072..d7e9844 100644
--- a/hw/xquartz/xpr/appledri.c
+++ b/hw/xquartz/xpr/appledri.c
@@ -123,6 +123,10 @@ ProcAppleDRIQueryDirectRenderingCapable(register ClientPtr client)
rep.length = 0;
rep.sequenceNumber = client->sequence;
+ if (stuff->screen >= screenInfo.numScreens) {
+ return BadValue;
+ }
+
if (!DRIQueryDirectRenderingCapable(screenInfo.screens[stuff->screen],
&isCapable)) {
return BadValue;
More information about the Xquartz-changes
mailing list