- Oct 30, 2024
-
-
Alan Coopersmith authoredNeeded to build with IPv6 disabled using gcc 14 on some platforms to avoid: In file included from /usr/X11/include/X11/Xtrans/transport.c:67, from xstrans.c:17: /usr/X11/include/X11/Xtrans/Xtranssock.c: In function ‘_XSERVTransSocketOpen’: /usr/X11/include/X11/Xtrans/Xtranssock.c:467:28: error: passing argument 5 of ‘getsockopt’ from incompatible pointer type [-Wincompatible-pointer-types] 467 | (char *) &val, &len) == 0 && val < 64 * 1024) | ^~~~ | | | size_t * {aka long unsigned int *} Signed-off-by:Alan Coopersmith <alan.coopersmith@oracle.com> Part-of: <!1736>
-
-
- Oct 29, 2024
-
-
The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh). CVE-2024-9632, ZDI-CAN-24756 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Reviewed-by:
Peter Hutterer <peter.hutterer@who-t.net> Tested-by:
José Expósito <jexposit@redhat.com> Part-of: <!1733>
-
- Oct 28, 2024
-
-
Found by Oracle Parfait 13.3 static analyzer: Memory leak [memory-leak]: Memory leak of pointer event allocated with calloc(1, 16) at line 470 of hw/xfree86/drivers/modesetting/present.c in function 'ms_present_unflip'. event allocated at line 431 with calloc(1, 16) event leaks when ms_present_check_unflip(...) == 0 at line 438 and i >= config->num_crtc at line 445 Fixes: 13c7d53d ("modesetting: Implement page flipping support for Present.") Signed-off-by: -
Previously, it was looping through sizeof(ev->valuators.mask) * 8 valuators, where valuators.mask is defined as an array of (MAX_VALUATORS + 7) / 8 entries. Since MAX_VALUATORS is defined as 36, this made it actually loop through 40 entries. The last 4 bits in this array should never be set, so we should never access memory outside the bounds of the arrays defined to be exactly MAX_VALUATORS in length, but we can make the static analyzer happier and not waste time checking bits that should never be set. Found by Oracle Parfait 13.3 static analyzer: Read outside array bounds [read-outside-array-bounds]: In array dereference of ev->valuators.data[i] with index i Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39 at line 741 of dix/eventconvert.c in function 'eventToDeviceEvent'. Read outside array bounds [read-outside-array-bounds]: In array dereference of ev->valuators.data[i] with index i Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39 at line 808 of dix/eventconvert.c in function 'eventToRawEvent'. Read outside array bounds [read-outside-array-bounds]: In array dereference of ev->valuators.data_raw[i] with index i Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39 at line 809 of dix/eventconvert.c in function 'eventToRawEvent'. Fixes: b2ba77ba ("dix: add EventToXI2 and GetXI2Type.") Signed-off-by: -
Found by Oracle Parfait 13.3 static analyzer: Buffer Overflow in STD C function [buffer-overflow-call-stdc]: Buffer overflow in call to memcpy. Buffer &bev->buttons[4] of size 24 is written at an offset of 28 Array size is 28 bytes, index is 32 at line 743 of dix/enterleave.c in function 'DeliverStateNotifyEvent'. Fixes: a85f0d6b ("Xi: fix use of button->down - bitflags instead of int arrays.") Reviewed-by: -
Found by Oracle Parfait 13.3: Null pointer dereference [null-pointer-deref]: Read from null pointer pVisual at line 257 of dix/colormap.c in function 'CreateColormap'. Null pointer introduced at line 412 of render/picture.c in function 'PictureFindVisual'. Constant 'NULL' passed into function CreateColormap, argument pVisual, from call at line 431 in function 'PictureInitIndexedFormat'. Function PictureFindVisual may return constant 'NULL' at line 412, called at line 429. Fixes: d4a101d4 ("Integration of DAMAGE-XFIXES branch to trunk") Signed-off-by: -
The comments in that function say "This only happens if master is a slave device. don't do that" but static analysis doesn't respect that. Found by Oracle Parfait 13.3: Null pointer dereference [null-pointer-deref]: Read from null pointer XTestptr at line 274 of Xi/xichangehierarchy.c in function 'remove_master'. Null pointer introduced at line 691 of Xext/xtest.c in function 'GetXTestDevice'. Function GetXTestDevice may return constant 'NULL' at line 691, called at line 273 of Xi/xichangehierarchy.c in function 'remove_master'. Null pointer dereference [null-pointer-deref]: Read from null pointer XTestkeybd at line 279 of Xi/xichangehierarchy.c in function 'remove_master'. Null pointer introduced at line 691 of Xext/xtest.c in function 'GetXTestDevice'. Function GetXTestDevice may return constant 'NULL' at line 691, called at line 278 of Xi/xichangehierarchy.c in function 'remove_master'. Fixes: 0814f511 ("input: store the master device's ID in the devPrivate for XTest devices.") Signed-off-by: -
Found by Oracle Parfait 13.3 static analyzer: Memory leak [memory-leak]: Memory leak of pointer optname allocated with asprintf(&optname, "\"%s\"", p->name) at line 326 of hw/xfree86/common/xf86Configure.c in function 'configureDeviceSection'. optname allocated at line 309 with asprintf(&optname, "\"%s\"", p->name) Fixes: code inherited from XFree86 Signed-off-by:
-
- Oct 26, 2024
-
-
Alan Coopersmith authored
If the compiler knows of a better algorithm for counting the number of bits set in a word for the target CPU, let it use that, instead of the classic algorithm optimized for PDP-6. Based on xorg/lib/libxext@490a25e6 v2: make old version static inline, stop exporting after !1695 Signed-off-by:
-
It's not used by any module/driver, so no need to keep it exported. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1695>
-
- Oct 22, 2024
-
-
eglCreateSyncKHR takes ownership of the file descriptor. Noticed by inspection. While we're at it, move the fence_fd declaration to the scope where it's used. Last but not least, close the fd in xwl_glamor_wait_fence when bailing before calling eglCreateSyncKHR, and document that it takes ownership. Part-of: <!1712>
-
- Oct 11, 2024
-
-
The comment at the top of the function tells humans the fallthroughs are intentional, but gcc doesn't parse that. Clears 3 -Wimplicit-fallthrough warnings from gcc 14.1 Signed-off-by:
-
lbwtw authored
Signed-off-by:
YaoBing Xiao <xiaoyaobing@uniontech.com> Part-of: <!1718>
-
- Oct 10, 2024
-
-
Linux kernel v6.9 has changed the symlink to point to the parent device. This breaks fbdev_open() detection logic. Change it to use the subsystem symlink instead which will remain stable. Kernel v6.8: [ 14.067] (II) fbdev_open() sysfs_path=/sys/class/graphics/fb0 [ 14.067] (II) fbdev_open() buf=../../devices/platform/vesa-framebuffer.0/graphics/fb0 Kernel v6.9: [ 15.609] (II) fbdev_open() sysfs_path=/sys/class/graphics/fb0 [ 15.609] (II) fbdev_open() buf=../../devices/pci0000:00/0000:00:01.0/vesa-framebuffer.0/graphics/fb0 Originally found in automated Debian ISO QA testing [0] and confirmed in Linux [1]. Tested on kernels v6.9.7 and v6.8.12 [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075713 [1] https://lore.kernel.org/lkml/lLyvPFC_APGHNfyGNHRpQy5izBikkaTPOpHooZIT3fFAoJPquSI31ZMueA99XTdr8ysir3X7O7IMdc6za-0m79vr_claeparHhoRouVgHOI=@proton.me/ Fixes: #1714 Signed-off-by:
Tj <tj.iam.tj@proton.me> Reviewed-by:
Thomas Zimmermann <tzimmermann@suse.de> Reviewed-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1612> -
This function is doing the same like LogMessageVerb(), so no need to keep around a duplicate implementation. Leaving it as a macro, until all callers, also in drivers, have been migrated. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1679> -
This function is doing the same like LogMessageVerb(), so no need to keep around a duplicate implementation. Leaving it as a macro, until all callers, also in drivers, have been migrated. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1679> -
ProcRRGetScreenResources() vs. RRGetScreenResourcesCurrent() have different semantics - this also must be followed in byte-swapped case. Fixes: fc708394 - Add server support for RRGetScreenResourcesCurrent Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1630> -
This function is only called inside dri.c, not used by any drivers (and wouldn't make sense to do so), so no need to keep it exported. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1713> -
Xwin's DestroyPixmap proc just free()s the PixmapRec directly, w/o catering for devPrivate's, so leaving a memleak. The correct DIX function for this is FreePixmap(). Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1710> -
It's not needed by any driver, so no need to keep it exported. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1694> -
This pointer field isn't used anywhere, neither in Xorg nor in drivers. No need to keep it around any longer. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1692> -
Since we're only going through macros (that are calling these), this extra wrapper function isn't needed at all - using LogMessageVerb() directly. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1689> -
These aren't used by any modules/drivers, so no need to keep them exported. Also drop the return value, which isn't used by any caller. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1687> -
mingw32 does does have getpid() function, so conditionally redefining it to _getpid() isn't necessary. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1686> -
It's just a wrapper around LogVMessageVerb() and no external module using it, so can easily be optimized-away. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1683> -
It's nothing but a wrapper, doing the same as LogMessageVerb(X_NONE, ...), and no external module / driver needs it, so can be easily optimized away. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1683> -
It's a standard C header, that's always present, so no extra guard needed. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1684> -
MingW also provides localtime_r(), but needs _POSIX_THREAD_SAFE_FUNCTIONS symbol before including anything, in order for the prototype being defined. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1685> -
These code pieces have been commented out since their introduction back almost two decades ago, so probably no need for them anymore. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1603> -
This macro doesn't do anything more than just making the function declarations a few bytes smaller, but this makes the code harder to read (eg. when just grepping through the code base). Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1609> -
No need to have one function doing nothing more than calling another one with the same prototype. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1611> -
The only consumer seems to be one BSD specific file, the few drivers using the *_iopl seem to include it on their own. Thus, no need to keep it in public headers. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1420> -
These are only used in i386_video.c, so move them there. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1420> -
These are only used in bsd_init.c, so move them there. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1420> -
This define is only used inside bsd_bell.c, so move it there. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1420> -
These don't seem to be used anywhere, so we can drop them. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1420> -
These only had been used by xf86-video-chips, but meanwhile this defines them on it's own, so we can drop them from here now. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1420> -
By C standard, functions are always extern if not specified otherwise. Signed-off-by:
Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1501> -
fix warning on unused variable: > ../xkb/xkb.c:3576:18: warning: variable 'extDevReason' set but not used [-Wunused-but-set-variable] > unsigned int extDevReason; ^ Signed-off-by:Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <!1426>
-
