1. 24 Apr, 2021 1 commit
  2. 13 Apr, 2021 2 commits
  3. 22 Feb, 2021 3 commits
  4. 21 Feb, 2021 2 commits
      xquartz: Allocate each fbconfig separately · aa6f8402
      Jeremy Huddleston Sequoia authored
      A change during the 1.20 development cycle resulted in fbconfigs being walked
      and deallocated individually during __glXScreenDestroy.  This change
      now avoids a use-after-free caused by that change.
      
      ==50859==ERROR: AddressSanitizer: heap-use-after-free on address 0x00010d3819c8 at pc 0x0001009d4230 bp 0x00016feca7a0 sp 0x00016feca798
      READ of size 8 at 0x00010d3819c8 thread T5
          #0 0x1009d422c in __glXScreenDestroy glxscreens.c:448
          #1 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
          #2 0x1009d2734 in glxCloseScreen glxscreens.c:169
          #3 0x100740a24 in dix_main main.c:325
          #4 0x10023ed50 in server_thread quartzStartup.c:65
          #5 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
          #6 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)
      
      0x00010d3819c8 is located 200 bytes inside of 12800-byte region [0x00010d381900,0x00010d384b00)
      freed by thread T5 here:
          #0 0x101477ba8 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fba8)
          #1 0x1009d4240 in __glXScreenDestroy glxscreens.c:449
          #2 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
          #3 0x1009d2734 in glxCloseScreen glxscreens.c:169
          #4 0x100740a24 in dix_main main.c:325
          #5 0x10023ed50 in server_thread quartzStartup.c:65
          #6 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
          #7 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)
      
      previously allocated by thread T5 here:
          #0 0x101477e38 in wrap_calloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fe38)
          #1 0x100925a40 in __glXAquaCreateVisualConfigs visualConfigs.c:116
          #2 0x10091cb24 in __glXAquaScreenProbe+0x224 (X11.bin:arm64+0x100730b24)
          #3 0x1009cd840 in xorgGlxServerInit glxext.c:528
          #4 0x10074539c in _CallCallbacks dixutils.c:743
          #5 0x100932a70 in CallCallbacks callback.h:83
          #6 0x100932478 in GlxExtensionInit vndext.c:244
          #7 0x10020a364 in InitExtensions miinitext.c:267
          #8 0x10073fe7c in dix_main main.c:197
          #9 0x10023ed50 in server_thread quartzStartup.c:65
          #10 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
          #11 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)
      
      Regressed-in: 4b0a3cba
      
      
      CC: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
      Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
      (cherry picked from commit 487286d4)
  5. 20 Feb, 2021 2 commits
  6. 19 Feb, 2021 13 commits
  7. 18 Feb, 2021 2 commits
  8. 17 Feb, 2021 2 commits
  9. 02 Feb, 2021 13 commits
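
The use-after-free fixed in commit aa6f8402 above, modelled as an added C example (not the xserver code): `struct config` and every function name here are hypothetical stand-ins. It dry-runs a node-by-node destroy loop over both allocation layouts and counts the pointers that loop would pass to `free()` without `calloc` ever having returned them.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-in for an fbconfig list node (not the xserver struct). */
struct config { struct config *next; };

static void *owned[64];  /* pointers calloc actually returned */
static size_t n_owned;

static void *tracked_calloc(size_t n, size_t sz) {
    void *p = (n_owned < 64) ? calloc(n, sz) : NULL;
    if (p) owned[n_owned++] = p;
    return p;
}

/* Before the fix: one allocation holds every node. */
static struct config *alloc_block(size_t n) {
    struct config *c = tracked_calloc(n, sizeof *c);
    for (size_t i = 0; c && i + 1 < n; i++)
        c[i].next = &c[i + 1];
    return c;
}

/* After the fix: each node is its own allocation. */
static struct config *alloc_each(size_t n) {
    struct config *head = NULL, **tail = &head;
    while (n-- && (*tail = tracked_calloc(1, sizeof **tail)))
        tail = &(*tail)->next;
    return head;
}

/* Dry run of a per-node destroy loop: counts pointers it would free() that calloc never returned. */
static size_t invalid_frees(const struct config *head) {
    size_t bad = 0;
    for (const struct config *c = head; c; c = c->next) {
        size_t i = 0;
        while (i < n_owned && owned[i] != (const void *)c) i++;
        bad += (i == n_owned);
    }
    return bad;
}

/* Release with exactly one free() per real allocation. */
static void release_all(void) { while (n_owned) free(owned[--n_owned]); }

int main(void) {
    size_t bad_block = invalid_frees(alloc_block(4)); release_all();
    size_t bad_each = invalid_frees(alloc_each(4)); release_all();
    printf("one block: %zu invalid frees, per node: %zu\n", bad_block, bad_each);
}
```

With the single-block layout the first `free()` also releases every later node, which is why the ASan report shows the next read landing 200 bytes inside an already freed 12800-byte region.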