- Oct 28, 2015
-
-
Adam Jackson authored
-
- Oct 27, 2015
-
-
In WaitForSomething(), the fd_set clientsWritable may be used unitialized when the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to a crash in FlushAllOutput() after x11proto's commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7. The problem did not manifest before because both the XFD_SIZE and the maximum number of clients were set to 256. As the connectionTranslation table was initalized for the 256 clients to 0, the test on the index not being 0 was aborting before dereferencing the client #0. As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE got bumped to 512. This lead the OutputPending fd_set to have any fd above 256 to be uninitialized which in turns lead to reading an index after the end of the ConnectionTranslation table. This index would then be used to find the client corresponding to the fd marked as pending writes and would also result to an out-of-bound access which would usually be the fatal one. Fix this by zeroing the clientsWritable fd_set at the beginning of WaitForSomething(). In this case, the bottom part of the loop, which would indirectly call FlushAllOutput, will not do any work but the next call to select will result in the execution of the right codepath. This is exactly what we want because we need to know the writable clients before handling them. In the end, it also makes sure that the fds above MaxClient are initialized, preventing the crash in FlushAllOutput(). Thanks to everyone involved in tracking this one down! Reported-by: Karol Herbst <freedesktop@karolherbst.de> Reported-by: Tobias Klausmann <tobias.klausmann@mni.thm.de> Signed-off-by: Martin Peres <martin.peres@linux.intel.com> Tested-by: Tobias Klausmann <tobias.klausmann@mni.thm.de> Tested-by: Martin Peres <martin.peres@linux.intel.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316 Cc: Ilia Mirkin <imirkin@alum.mit.edu> Cc: Olivier Fourdan <ofourdan@redhat.com Cc: Adam Jackson <ajax@redhat.com> Cc: Alan Coopersmith <alan.coopersmith@oracle.com Cc: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-
Regression from 990cf5b2 Signed-off-by: Julien Cristau <jcristau@debian.org> Cc: Andrew Eikum <aeikum@codeweavers.com> Cc: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Andrew Eikum <aeikum@codeweavers.com> (cherry picked from commit 524844c8)
-
Fixes DRI2 client driver name mapping for newer AMD GPUs with the modesetting driver, allowing the DRI2 extension to initialize. Signed-off-by: Michel Dänzer <michel.daenzer@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> (cherry picked from commit ac2f27f1)
-
- Oct 26, 2015
-
-
Adam Jackson authored
Signed-off-by: Adam Jackson <ajax@redhat.com>
-
Only treat divisor==0 as async to immediately report the actual vblank. If the user species a non-zero divisor, we should compute the missed vblank properly or else we report too early. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Mario Kleiner <mario.kleiner.de@gmail.com> (cherry picked from commit 413cb2ff)
-
FatalError ends up calling xf86CloseConsole itself, so calling FatalError from within xf86CloseConsole is not a good idea. Make switch_to log errors using xf86Msg(X_WARNING, ...) and return success (or failure). This makes switch_to match the other error checking done in xf86CloseConsole which all logs warnings and continues. Add checking of the return value in xf86OpenConsole and call FatalError there when switch_to fails, to preserve the error-handling behavior of xf86OpenConsole. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1269210 Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> (cherry picked from commit 2092f12a)
-
Patch 3ab6cd31 fixed Xinerama interactions with font servers by not putting clients to sleep multiple times. However, it introduced additional changes dealing with libXfont routine returning Suspended more than once for the same request. This additional change was to abandon processing of the current request and free the closure data by jumping to 'xinerama_sleep' in each of the functions. Font library functions shouldn't return Suspended more than once, except for ListFontsWithInfo, which produces multiple replies, and thus ends up returning Suspended many times during processing. With the jump to xinerama_sleep occurring after the first reply was processed, the closure for the request was freed and future calls into the ListFontsWithInfo callback resulted in dereferencing freed memory. This patch removes the added branches, reverting the code to its previous behaviour, which permitted multiple Suspended returns and simply waited for the client to be signaled again so that the callback could continue processing the request. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Adam Jackson <ajax@redhat.com> (cherry picked from commit f9a04d19)
-
glxcmds.c:2206:46: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare,Semantic Issue] if ((cmdlen = safe_pad(hdr->length)) < 0) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~ Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> (cherry picked from commit e0987570)
-
xdmcp.c:1404:1: warning: function 'XdmcpFatal' could be declared with attribute 'noreturn' [-Wmissing-noreturn,Semantic Issue] Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 9a2a05a9)
-
xdmauth.c:230:13: warning: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value,Semantic Issue] if (abs(now - client->time) > TwentyFiveMinutes) { ^ xdmauth.c:230:13: note: use function 'labs' instead [Semantic Issue] if (abs(now - client->time) > TwentyFiveMinutes) { ^~~ labs xdmauth.c:302:9: warning: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value,Semantic Issue] if (abs(client->time - now) > TwentyMinutes) { ^ xdmauth.c:302:9: note: use function 'labs' instead [Semantic Issue] if (abs(client->time - now) > TwentyMinutes) { ^~~ labs Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 85eb90ea)
-
rrtransform.c:124:22: warning: using integer absolute value function 'abs' when argument is of floating point type [-Wabsolute-value,Semantic Issue] if ((v = abs(f_transform->m[j][i])) > max) ^ rrtransform.c:124:22: note: use function 'fabs' instead [Semantic Issue] if ((v = abs(f_transform->m[j][i])) > max) ^~~ fabs Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 9f0fcd14)
-
miarc.c:1714:9: warning: using integer absolute value function 'abs' when argument is of floating point type [-Wabsolute-value,Semantic Issue] if (abs(parc->angle2) >= 360.0) ^ miarc.c:1714:9: note: use function 'fabs' instead [Semantic Issue] if (abs(parc->angle2) >= 360.0) ^~~ fabs Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 610dd8a5)
-
All the callers were already checking for failure, except that createSourcePicture() itself was failing to check whether it successfully allocated the Picture. [ajax: Rebase, fix line wrap of preceding line] Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> (cherry picked from commit 211d4c2d)
-
Set a destructor function on pixman images and call fbFinishAccess() from there, rather than directly from free_pixman_pict(). This ensures that fbFinishAccess() gets called even if pixman still has a reference to the image after free_pixman_pict(), as is the case for alphamaps. [ajax: Squash an unused variable warning in the non-wfb build] Reviewed-by: Aaron Plattner <aplattner@nvidia.com> Signed-off-by: Arcady Goldmints-Orlov <arcadyg@nvidia.com> Reviewed-by: Søren Sandmann <ssp@redhat.com> (cherry picked from commit fbac4517)
-
Check for integer overflow before using stuff->count in a multiplication, to avoid compiler optimizing out due to undefined behaviour, but only after we've checked to make sure stuff->count is in the range of the request we're parsing. Reported-by: <jes@posteo.de> Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 6ca496b7)
-
There's a 'const char *' adventure here that I'm mostly ignoring; some client information gets const poisoned. Worked around by adding a couple of casts. Ick. Added an _X_ATTRIBUTE_PRINTF to SELinuxLog. Ignore a couple of unused return values. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Keith Packard <keithp@keithp.com> (cherry picked from commit 9af111fe)
-
Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Eric Anholt <eric@anholt.net> (cherry picked from commit e6f8a034)
-
==11097== 2,048 (+1,640) bytes in 32 (+26) blocks are definitely lost in loss record 1,570 of 1,719 ==11097== at 0x4C2A2DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11097== by 0x225EF3: SetPicturePictFilter (filter.c:339) ==11097== by 0x22DF4F: ProcRenderSetPictureFilter (render.c:1773) ==11097== by 0x15D25D: Dispatch (dispatch.c:432) ==11097== by 0x14C7B9: main (main.c:298) [ajax: Fixed whitespace] Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> (cherry picked from commit c7f84c88)
-
The correct refresh rate for this mode is 75, not 85. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com> (cherry picked from commit 98e17097)
-
[ajax: To be clear, we already have code to emit these events, and it looks like it works, but to get them you'd have had to also ask for one of the other notify types. This makes it possible to listen for e.g. ProviderChange alone.] Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Michal Srb <msrb@suse.com> (cherry picked from commit 91c7acfc)
-
These get used at the end of the function in a calculation, even though the result isn't used its not pretty. Pointed out by coverity. Signed-off-by: Dave Airlie <airlied@redhat.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 4c7cefe2)
-
The Render specification allows single-stop gradients and pixman 0.22 (X server requires >= 0.27.2 now) can rasterize them correctly. [ajax: update commit message] Signed-off-by: Andrea Canciani <ranma42@gmail.com> Reviewed-by: Soren Sandmann <ssp@redhat.com> (cherry picked from commit 7ed0c391)
-
include/site.h says that COMPILEDDISPLAYCLASS is MIT-unspecified, rather than MIT-Unspecified. Fix the manpage accordingly. Signed-off-by: Cyril Brulebois <kibi@debian.org> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 4803f713)
-
Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit a31bbc45)
-
Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 424ba5de)
-
Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 7e6b7c79)
-
Adobe-DPS-Extension, DEC-XTRAP, X3D-PEX, XIE Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 1ea8fb96)
-
lbx and mbe. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com> (cherry picked from commit 59327003)
-
Based off of glproto 1.4.11. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Robert Hooker <robert.hooker@canonical.com> (cherry picked from commit 3cd56dd2)
-
Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Robert Hooker <robert.hooker@canonical.com> (cherry picked from commit 272ba9f0)
-
Adam Jackson authored
gcc quite correctly complains about this: In file included from ../../include/scrnintstr.h:51:0, from rootlessValTree.c:98: In function 'RegionUninit.isra.1', inlined from 'RegionEmpty' at ../../include/regionstr.h:194:5, inlined from 'RootlessMiValidateTree' at rootlessValTree.c:490:9: ../../include/regionstr.h:166:9: warning: attempt to free a non-heap object 'RegionBrokenData' [-Wfree-nonheap-object] free((_pReg)->data); So that'd crash if you ever got there. RegionNull will do almost the same thing only without the free(), so let's do that instead; it might still not be an entirely sane way to recover, but it at least won't crash. Reviewed-by: Keith Packard <keithp@keithp.com> Signed-off-by: Adam Jackson <ajax@redhat.com> (cherry picked from commit fa0bb018)
-
There was a complicated scheme to increase the time between keepalives from 3 minutes up to as much as 24 hours in an attempt to reduce network traffic from idle X terminals. X terminals receiving X traffic, or receiving user input would use the 3 minute value; X terminals without any network traffic would use a longer value. However, this was actually broken -- any activity in the X server, either client requests or user input, would end up resetting the keepalive timeout, so a user mashing on the keyboard would never discover that the XDMCP master had disappeared and have the session terminated, which was precisely the design goal of the XDMCP keepalive mechanism. Instead of attempting to fix this, accept the cost of a pair of XDMCP packets once every three minutes and just perform keepalives regularly. This will also make reworking the block and wakeup handler APIs to eliminate select masks easier. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Keith Packard <keithp@keithp.com> (cherry picked from commit db1089ea)
-
The X server used to wait for the user to hit a key or move the mouse before restarting the session after a keepalive failure. This, presumably, was to avoid having the X server continuously spew XDMCP protocol on the network while the XDM server was dead. Switching into this state was removed from the server some time before XFree86 4.3.99.16, so the remaining bits of code have been dead for over a decade, and no-one ever noticed. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Keith Packard <keithp@keithp.com> (cherry picked from commit a3a40291)
-
When xf86RandR12Key is not set we will not get to the places where these tests are done as the functions in question are not called. In most cases we would have crashed before these checks anyway. Signed-off-by: Egbert Eich <eich@freedesktop.org> Reviewed-by: Keith Packard <keithp@keithp.com> (cherry picked from commit 3cd7d333)
-
As we define sizeFits based on whether a CRTC is active, and skip trying to redirect the scanout on a disable pipe, we then attempt to undo it later and fail because crtc->scanout_pixmap != DRI2_Pixmap and !sizeFits. Paper over this failure by skipping unredirected CRTC when disabling. v2: Unwind upon failure Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=84653 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: Dave Airlie <airlied@redhat.com> Reported-by: Christoph Haag <haagch@frickel.club> Tested-by: Christoph Haag <haagch@frickel.club> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> (cherry picked from commit 245040f0)
-
DECnet support died in modularization (X11R7.0) Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 9d65a0de)
-
The modesetting driver corrupts memory when used after a server regeneration because not enough memory is allocated for its pixmap privates. This happens because its call to dixRegisterScreenSpecificPrivateKey() does nothing because key->initialized is still TRUE from the first server generation. However, the key is not in the screen's linked list of screen-specific privates because that's freed and reallocated during the server generation loop in dix_main(). Fix this by clearing key->initialized before CloseScreen and add a call to dixFreeScreenSpecificPrivates() for GPU screens. v2: Just set key->initialized to FALSE and move dixFreeScreenSpecificPrivates() calls to after CloseScreen. v3: Move dixFreeScreenSpecificPrivates() calls back to just before CloseScreen. Signed-off-by: Aaron Plattner <aplattner@nvidia.com> Reviewed-by: Keith Packard <keithp@keithp.com> (cherry picked from commit 82eb490b)
-
Adam Jackson authored
Since ProcRenderScale throws BadImplementation anyway it's pointless to waste time carefully swapping the request. Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit 67dd34fa)
-
This improves the case for when we paint an area without SHM. xcb_image_subimage() is used to create a subimage for the damaged area, which is converted to native format if necessary. Signed-off-by: Ian Scott <ian.scott@arteris.com> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> (cherry picked from commit a579e6ba)
-