- Jun 27, 2014
-
-
Peter Hutterer authored
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
- Jun 26, 2014
-
-
I've been seeing sporadic (anywhere from once every few days to 3-4 times a day) crashes and freezes in X. The problematic behaviour isn't always the same, but I chose a particular incident to debug, and found that X was segfaulting in updateMotionHistory, on line 575 of dix/getevents.c. After some further investigation, I found that the bug was being triggered when a SIGIO was received in DeepCopyPointerClasses, between the AllocValuatorClass call (line 540) and updating the to->valuator pointer (line 545). AllocValuatorClass calls realloc() on to->valuator, so between these lines, it's not guaranteed to point to allocated memory. It seems the SIGIO handler is calling updateMotionHistory, which is reading the memory pointed to by to->valuator and getting a wrong value for last_motion, which updates buff to point to wildly the wrong place and thus generates a segfault when a memcpy() is done into buff. I am attaching a patch which I've been running on that machine for the past three days, and haven't yet observed any more crashing or freezing behaviour. The patch simply calls OsBlockSIGIO while DeepCopyDeviceClasses is in progress, as the state of the X server's device data structures is not guaranteed to be in a consistent state during that time. Debian bug#744303 <https://bugs.debian.org/744303 > Signed-off-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit d7a2df0a)
-
The easiest way to check for the version of an extension is to send the maximum possible version numbers in the QueryVersion request. The X server overflows on these as it assumes you will send a reasonable version number. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Keith Packard <keithp@keithp.com> (cherry picked from commit 548fc937)
-
Peter Hutterer authored
DontZap off is the default anyway, don't mention it specifically to avoid confusion X.Org Bug 71113 <http://bugs.freedesktop.org/show_bug.cgi?id=71113 > Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit cfaf2abb)
-
Peter Hutterer authored
X.Org Bug 71113 <http://bugs.freedesktop.org/show_bug.cgi?id=71113 > Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit e48a132b)
-
- Jun 23, 2014
-
-
Matt Dew authored
-
- Jun 01, 2014
-
-
Jeremy Huddleston Sequoia authored
<rdar://problem/14205847> http://xquartz.macosforge.org/trac/ticket/832 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 1c10b373)
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit ad0ff649)
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit e281288d)
-
If a source picture doesn't repeat and a mask format is specified, the incorrect calulation of the origin of the glyphs caused the glyphs to not be drawn at all. Noticed when running gtk-demo from RHEL 6.5 and selecting "Rotated Text". Signed-off-by: Peter Harris <pharris@opentext.com> Reviewed-by: Keith Packard <keithp@keithp.com> Signed-off-by: Keith Packard <keithp@keithp.com> /* Test for this bug cc -std=c99 -o glyph glyph.c `pkg-config --cflags --libs xcb-render` */ // 16 x 16 pictfmt_a8 "glyph" static const char glyph[] = { 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, }; static struct { uint8_t len; uint8_t pad[3]; uint16_t deltax, deltay; uint8_t glyph; uint8_t pad2[3]; } elt = { len:1, glyph:1, deltax:WIN_SIZE/2 - GLYPH_SIZE/2, deltay:WIN_SIZE/2 - GLYPH_SIZE/2 }; int main(int argc, char *argv[]) { int screen; xcb_connection_t *c = xcb_connect(NULL, &screen); if (!c || xcb_connection_has_error(c)) { fprintf(stderr, "Cannot open default display \"%s\"\n", getenv("DISPLAY")); return EXIT_FAILURE; } // Find root window and depth const xcb_setup_t *setup = xcb_get_setup(c); if (screen >= setup->roots_len) screen = 0; xcb_screen_iterator_t si = xcb_setup_roots_iterator(setup); for (int i=0; i < screen; i++) xcb_screen_next(&si); xcb_window_t root = si.data->root; uint8_t depth = si.data->root_depth; xcb_visualid_t visual = si.data->root_visual; // Find picture formats xcb_render_query_pict_formats_reply_t *qpf; qpf = xcb_render_query_pict_formats_reply(c, xcb_render_query_pict_formats(c), NULL); if (!qpf) { fprintf(stderr, "Cannot query RENDER picture formats\n"); return EXIT_FAILURE; } xcb_render_pictformat_t fmt_a8 = 0; xcb_render_pictforminfo_iterator_t pfi = xcb_render_query_pict_formats_formats_iterator(qpf); for (int i = 0; i < xcb_render_query_pict_formats_formats_length(qpf); i++) { if (pfi.data->depth == 8 && pfi.data->type == XCB_RENDER_PICT_TYPE_DIRECT && pfi.data->direct.alpha_mask == 0xFF) { fmt_a8 = pfi.data->id; break; } xcb_render_pictforminfo_next(&pfi); } if (!fmt_a8) { fprintf(stderr, "Cannot find a8 RENDER picture format\n"); return EXIT_FAILURE; } xcb_render_pictformat_t fmt_visual = 0; xcb_render_pictscreen_iterator_t psi = xcb_render_query_pict_formats_screens_iterator(qpf); for (int i = 0; i < xcb_render_query_pict_formats_screens_length(qpf); i++) { xcb_render_pictdepth_iterator_t pdi = xcb_render_pictscreen_depths_iterator(psi.data); for (int j = 0; i < xcb_render_pictscreen_depths_length(psi.data); i++) { xcb_render_pictvisual_iterator_t pvi = xcb_render_pictdepth_visuals_iterator(pdi.data); for (int k = 0; k < xcb_render_pictdepth_visuals_length(pdi.data); i++) { if (pvi.data->visual == visual) { fmt_visual = pvi.data->format; goto found_visual; } xcb_render_pictvisual_next(&pvi); } xcb_render_pictdepth_next(&pdi); } xcb_render_pictscreen_next(&psi); } found_visual: if (!fmt_visual) { fprintf(stderr, "Cannot find visual RENDER picture format\n"); return EXIT_FAILURE; } xcb_render_glyphset_t glyphset = xcb_generate_id(c); xcb_render_create_glyph_set(c, glyphset, fmt_a8); uint32_t glyph_ids[] = {1}; xcb_render_add_glyphs(c, glyphset, 1, glyph_ids, &(xcb_render_glyphinfo_t){width:GLYPH_SIZE, height:GLYPH_SIZE}, sizeof(glyph), glyph); // Create window, pixmap, and gc xcb_window_t window = xcb_generate_id(c); uint32_t list[] = { si.data->black_pixel, XCB_EVENT_MASK_EXPOSURE }; xcb_create_window(c, XCB_COPY_FROM_PARENT, window, root, 0, 0, WIN_SIZE, WIN_SIZE, 0, XCB_WINDOW_CLASS_INPUT_OUTPUT, XCB_COPY_FROM_PARENT, XCB_CW_BACK_PIXEL | XCB_CW_EVENT_MASK, list); xcb_map_window(c, window); xcb_render_picture_t winpic = xcb_generate_id(c); xcb_render_create_picture(c, winpic, window, fmt_visual, 0, NULL); xcb_pixmap_t pixmap = xcb_generate_id(c); xcb_create_pixmap(c, depth, pixmap, window, GLYPH_SIZE, GLYPH_SIZE); xcb_render_picture_t pixpic = xcb_generate_id(c); xcb_render_create_picture(c, pixpic, pixmap, fmt_visual, 0, NULL); xcb_render_fill_rectangles(c, XCB_RENDER_PICT_OP_SRC, pixpic, (xcb_render_color_t){green:0xFFFF, alpha:0xFFFF}, 1, &(xcb_rectangle_t){width:GLYPH_SIZE, height:GLYPH_SIZE} ); xcb_flush(c); for (xcb_generic_event_t *ev = xcb_wait_for_event(c); ev; ev = xcb_wait_for_event(c)) { int type = ev->response_type; free(ev); if (type == XCB_EXPOSE) { xcb_clear_area(c, 0, window, 0, 0, 0, 0); xcb_render_composite_glyphs_8(c, XCB_RENDER_PICT_OP_SRC, pixpic, winpic, fmt_a8, glyphset, 0, 0, sizeof(elt), (uint8_t *)&elt); xcb_flush(c); } } return EXIT_SUCCESS; } (cherry picked from commit 983e3036)
-
- Apr 15, 2014
-
-
AKA: XQuartz 2.7.5 doesn't delete its /tmp/.X$d-lock http://xquartz.macosforge.org/trac/ticket/823 Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
-
- Apr 14, 2014
-
-
Matt Dew authored
-
- Apr 12, 2014
-
-
The visualSelectGroup wasn't getting set (since our DRI drivers don't use it), and and since it's the top priority in the sort order, you got random sorting of your visuals unless malloc really returned you new memory. This manifested as Xephyr -glamor rendering to a multisampled window on my system, which as you might guess was slightly lower performance than expected. Signed-off-by: Eric Anholt <eric@anholt.net> Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
-
- Apr 08, 2014
-
-
The XResizeWindow call wasn't replaced by the xcb equivalent, so we were no longer setting the initial window size, only wm size hints. Regression from commit a2b73da7 "Xephyr: start converting hostx.c over to xcb" Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=74849 Signed-off-by: Julien Cristau <jcristau@debian.org> Reported-by: Laércio de Sousa <lbsousajr@gmail.com> Tested-by: Jon TURNEY <jon.turney@dronecode.org.uk> Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk> Signed-off-by: Keith Packard <keithp@keithp.com>
-
- Mar 22, 2014
-
-
Matt Dew authored
-
- Mar 12, 2014
-
-
Peter Hutterer authored
The PnPID for a device may not be on the immediate parent, so search up the device tree until we find one. X.Org Bug 75513 <http://bugs.freedesktop.org/show_bug.cgi?id=75513 > Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Tested-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> (cherry picked from commit 79506647)
-
Peter Hutterer authored
The other values are checked correctly, but if a modifier was outside the allowed range, it would go unnoticed and cause a out-of-bounds read error for any mask equal or larger than 256. The DetailRec where we store the grab masks is only sized to 8 * sizeof(Mask). Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 0f10cfd4)
-
On OpenBSD, passing a timeout longer than 100000000 seconds to select(2) will make it fail with EINVAL. As this is original 4.4BSD behaviour it is not inconceivable that other systems suffer from the same problem. And Linux, though not suffering from any 4.4BSD heritage, briefly did something similar: <https://lkml.org/lkml/2012/8/31/263 > So avoid calling AdjustWaitForDelay() instead of setting the timeout to (effectively) ULONG_MAX milliseconds. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> (cherry picked from commit ddeca927)
-
- Mar 07, 2014
-
-
Matt Dew authored
Merge branch 'server-1.15-branch' of git://people.freedesktop.org/~jeremyhu/xserver into server-1.15-branch
-
- Feb 19, 2014
-
-
Peter Hutterer authored
The server internally relies on arrays with a MAX_BUTTONS maximum size (which is the max the core protocol can transport). Make sure a driver adheres to that. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Daniel Stone <daniel@fooishbar.org> (cherry picked from commit 87ca80a7)
-
Flagged by cppcheck 1.62: [hw/xfree86/common/xf86Helper.c:220] -> [hw/xfree86/common/xf86Helper.c:231]: (warning) Possible null pointer dereference: pScrn - otherwise it is redundant to check it against null. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Keith Packard <keithp@keithp.com> (cherry picked from commit c1ac89c7)
-
Flagged by cppcheck 1.62: [dix/dixfonts.c:1792]: (error) Common realloc mistake: 'font_path_string' nulled but not freed upon failure Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Keith Packard <keithp@keithp.com> (cherry picked from commit e6733ae9)
-
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit 9fc19168)
-
Peter Hutterer authored
The request is followed by mask_len 4-byte units, then followed by the actual modifiers. Also fix up the swapping test, which had the same issue. Reported-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 76b3be75) Conflicts: test/xi2/protocol-xipassivegrabdevice.c
-
Peter Hutterer authored
We call atoi() on the server's display to get the socket but otherwise use the unmodified display for log file name, xkb paths, etc. This results in Xorg :banana being the equivalent of Xorg :0, except for the log files being in /var/log/Xorg.banana.log. I'm not sure there's a good use-case for this behaviour. Check the display for something that looks reasonable, i.e. digits only, but do allow for :0.0 (i.e. digits, followed by a period, followed by one or two digits). Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Keith Packard <keithp@keithp.com> (cherry picked from commit 71baa466)
-
When a grab on a slave device is deactivated, the master device must be checked, just in case there were events from other devices while the slave device was stolen away by the passive grab. This may introduce misbehaviors on mismatching valuators and device features later on UpdateDeviceState(). Signed-off-by: Carlos Garnacho <carlosg@gnome.org> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit b2d5ee2e)
-
- Feb 13, 2014
-
-
Peter Hutterer authored
dev->button->down is a bitmask, not a normal array. Use the helper function to check, we technically allow the mapping to change after the physical button has been pressed (but not yet processed yet), so only check BUTTON_PROCESSED. From XSetPointerMapping(3): "If any of the buttons to be altered are logically in the down state, XSetPointerMapping returns MappingBusy, and the mapping is not changed." Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Daniel Stone <daniel@fooishbar.org> (cherry picked from commit 25d10464)
-
- Jan 22, 2014
-
-
Jeremy Huddleston Sequoia authored
XQuartz: Avoid passing uninitialized pointers to X11ApplicationSetWindowMenu in AppleWMSetWindowMenu Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 77df653a)
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 3bc608a3)
-
Jeremy Huddleston Sequoia authored
It seems the alanyzer can't comprehend dixSetPrivate(). quartz.c:119:12: warning: Potential leak of memory pointed to by 'displayInfo' return quartzProcs->AddScreen(index, pScreen); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 64327226)
-
Jeremy Huddleston Sequoia authored
stub.c:356:9: warning: Potential leak of memory pointed to by 'newargv' asl_log(aslc, NULL, ASL_LEVEL_ERR, ^~~~~~~ stub.c:356:9: warning: Potential leak of memory pointed to by 'newenvp' asl_log(aslc, NULL, ASL_LEVEL_ERR, ^~~~~~~ 2 warnings generated. Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit b2f6b349)
-
Jeremy Huddleston Sequoia authored
Avoids potential memory corruption from bad requests Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit a03f096a)
-
Jeremy Huddleston Sequoia authored
Return an error to the caller rather than crashing the server on invalid screens. Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit b3572c0d)
-
Jeremy Huddleston Sequoia authored
x-hook.c:96:9: warning: Called function pointer is an uninitalized pointer value (*fun[i])(arg, data[i]); ^~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 959e8f23)
-
Jeremy Huddleston Sequoia authored
X11Controller.m:938:1: warning: method 'applicationWillTerminate:' could be declared with attribute 'noreturn' [-Wmissing-noreturn,Semantic Issue] { ^ Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit f79af194)
-
Jeremy Huddleston Sequoia authored
indirect.c:675:28: warning: incompatible pointer types passing 'glx_gpa_proc (*)(const char *)' to parameter of type 'glx_gpa_proc' (aka 'glx_func_ptr (*)(const char *)') [-Wincompatible-pointer-types,Semantic Issue] __glXsetGetProcAddress(&get_proc_address); ^~~~~~~~~~~~~~~~~ ../../../glx/glxserver.h:122:42: note: passing argument to parameter 'get_proc_address' here [Semantic Issue] void __glXsetGetProcAddress(glx_gpa_proc get_proc_address); ^ Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit ea80279e)
-
Jeremy Huddleston Sequoia authored
./darwinfb.h:28:9: warning: '_DARWIN_FB_H' is used as a header guard here, followed by #define of a different macro [-Wheader-guard,Lexical or Preprocessor Issue] ^~~~~~~~~~~~ ./darwinfb.h:29:9: note: '_DARWIN_DB_H' is defined here; did you mean '_DARWIN_FB_H'? [Lexical or Preprocessor Issue] ^~~~~~~~~~~~ _DARWIN_FB_H Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 2e3ebec9)
-
Jeremy Huddleston Sequoia authored
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit 9da6c091)
-
- Dec 27, 2013
-
-
Keith Packard authored
Signed-off-by: Keith Packard <keithp@keithp.com>
-
- Dec 20, 2013
-
-
Keith Packard authored
Skipped present pixmap calls were not setting the mode to PresentCompleteModeSkip for skipped operations. Signed-off-by: Keith Packard <keithp@keithp.com>
-