aboutsummaryrefslogtreecommitdiffstats
path: root/main/libxext/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libxext/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch')
-rw-r--r--main/libxext/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch260
1 files changed, 260 insertions, 0 deletions
diff --git a/main/libxext/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch b/main/libxext/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
new file mode 100644
index 0000000000..58f29757e0
--- /dev/null
+++ b/main/libxext/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-b.patch
@@ -0,0 +1,260 @@
+From ca84a813716f9de691dc3f60390d83af4b5ae534 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 13 Apr 2013 09:32:12 -0700
+Subject: [PATCH 1/7] Use _XEatDataWords to avoid overflow of rep.length bit
+ shifting
+
+rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ COPYING | 3 ++-
+ configure.ac | 6 ++++++
+ src/Makefile.am | 1 +
+ src/XEVI.c | 4 +++-
+ src/XMultibuf.c | 3 ++-
+ src/XSecurity.c | 3 ++-
+ src/XShape.c | 3 ++-
+ src/XSync.c | 3 ++-
+ src/Xcup.c | 7 ++++---
+ src/eat.h | 40 ++++++++++++++++++++++++++++++++++++++++
+ 10 files changed, 64 insertions(+), 9 deletions(-)
+ create mode 100644 src/eat.h
+
+diff --git a/COPYING b/COPYING
+index 80622a0..e3a63ef 100644
+--- a/COPYING
++++ b/COPYING
+@@ -160,7 +160,8 @@ makes no representations about the suitability for any purpose
+ of the information in this document. This documentation is
+ provided ``as is'' without express or implied warranty.
+
+-Copyright (c) 1999, 2005, 2006, Oracle and/or its affiliates. All rights reserved.
++Copyright (c) 1999, 2005, 2006, 2013, Oracle and/or its affiliates.
++All rights reserved.
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+diff --git a/configure.ac b/configure.ac
+index 63775de..fb9888d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,6 +38,12 @@ AC_SUBST(XEXT_SOREV)
+ # Obtain compiler/linker options for depedencies
+ PKG_CHECK_MODULES(XEXT, [xproto >= 7.0.13] [x11 >= 1.1.99.1] [xextproto >= 7.1.99])
+
++# Check for _XEatDataWords function that may be patched into older Xlib releases
++SAVE_LIBS="$LIBS"
++LIBS="$XEXT_LIBS"
++AC_CHECK_FUNCS([_XEatDataWords])
++LIBS="$SAVE_LIBS"
++
+ # Allow checking code with lint, sparse, etc.
+ XORG_WITH_LINT
+ XORG_LINT_LIBRARY([Xext])
+diff --git a/src/Makefile.am b/src/Makefile.am
+index e236c33..b828547 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -12,6 +12,7 @@ libXext_la_LDFLAGS = -version-number $(XEXT_SOREV) -no-undefined
+ libXext_la_LIBADD = $(XEXT_LIBS)
+
+ libXext_la_SOURCES = \
++ eat.h \
+ DPMS.c \
+ MITMisc.c \
+ XAppgroup.c \
+diff --git a/src/XEVI.c b/src/XEVI.c
+index eb09daa..0125c51 100644
+--- a/src/XEVI.c
++++ b/src/XEVI.c
+@@ -30,6 +30,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include <X11/extensions/Xext.h>
+ #include <X11/extensions/extutil.h>
+ #include <X11/Xutil.h>
++#include "eat.h"
++
+ static XExtensionInfo *xevi_info;/* needs to move to globals.c */
+ static const char *xevi_extension_name = EVINAME;
+ #define XeviCheckExtension(dpy,i,val) \
+@@ -171,7 +173,7 @@ Status XeviGetVisualInfo(
+ xInfoPtr = temp_xInfo = (xExtendedVisualInfo *)Xmalloc(sz_xInfo);
+ xConflictPtr = temp_conflict = (VisualID32 *)Xmalloc(sz_xConflict);
+ if (!*evi_return || !temp_xInfo || !temp_conflict) {
+- _XEatData(dpy, (sz_xInfo + sz_xConflict + 3) & ~3);
++ _XEatDataWords(dpy, rep.length);
+ UnlockDisplay(dpy);
+ SyncHandle();
+ if (evi_return)
+diff --git a/src/XMultibuf.c b/src/XMultibuf.c
+index 7a746ba..43d56d3 100644
+--- a/src/XMultibuf.c
++++ b/src/XMultibuf.c
+@@ -34,6 +34,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <X11/extensions/extutil.h>
+ #include <X11/extensions/multibufproto.h>
+ #include <X11/extensions/multibuf.h>
++#include "eat.h"
+
+ static XExtensionInfo _multibuf_info_data;
+ static XExtensionInfo *multibuf_info = &_multibuf_info_data;
+@@ -408,7 +409,7 @@ Status XmbufGetWindowAttributes (
+ attr->buffers = (Multibuffer *) Xmalloc((unsigned) nbytes);
+ nbytes = rep.length << 2;
+ if (! attr->buffers) {
+- _XEatData(dpy, (unsigned long) nbytes);
++ _XEatDataWords(dpy, rep.length);
+ UnlockDisplay(dpy);
+ SyncHandle();
+ return (0);
+diff --git a/src/XSecurity.c b/src/XSecurity.c
+index f8c7da1..ab17755 100644
+--- a/src/XSecurity.c
++++ b/src/XSecurity.c
+@@ -33,6 +33,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <X11/extensions/extutil.h>
+ #include <X11/extensions/securproto.h>
+ #include <X11/extensions/security.h>
++#include "eat.h"
+
+ static XExtensionInfo _Security_info_data;
+ static XExtensionInfo *Security_info = &_Security_info_data;
+@@ -282,7 +283,7 @@ XSecurityGenerateAuthorization(
+ }
+ else
+ {
+- _XEatData(dpy, (unsigned long) (rep.dataLength + 3) & ~3);
++ _XEatDataWords(dpy, rep.length);
+ }
+
+ UnlockDisplay (dpy);
+diff --git a/src/XShape.c b/src/XShape.c
+index 6e8fbae..3987876 100644
+--- a/src/XShape.c
++++ b/src/XShape.c
+@@ -35,6 +35,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <X11/extensions/extutil.h>
+ #include <X11/extensions/shape.h>
+ #include <X11/extensions/shapeproto.h>
++#include "eat.h"
+
+ static XExtensionInfo _shape_info_data;
+ static XExtensionInfo *shape_info = &_shape_info_data;
+@@ -468,7 +469,7 @@ XRectangle *XShapeGetRectangles (
+ Xfree (xrects);
+ if (rects)
+ Xfree (rects);
+- _XEatData (dpy, *count * sizeof (xRectangle));
++ _XEatDataWords (dpy, rep.length);
+ rects = NULL;
+ *count = 0;
+ } else {
+diff --git a/src/XSync.c b/src/XSync.c
+index 5775293..3ca1308 100644
+--- a/src/XSync.c
++++ b/src/XSync.c
+@@ -59,6 +59,7 @@ PERFORMANCE OF THIS SOFTWARE.
+ #include <X11/extensions/extutil.h>
+ #include <X11/extensions/sync.h>
+ #include <X11/extensions/syncproto.h>
++#include "eat.h"
+
+ static XExtensionInfo _sync_info_data;
+ static XExtensionInfo *sync_info = &_sync_info_data;
+@@ -364,7 +365,7 @@ XSyncListSystemCounters(Display *dpy, int *n_counters_return)
+ {
+ if (list) Xfree((char *) list);
+ if (pWireSysCounter) Xfree((char *) pWireSysCounter);
+- _XEatData(dpy, (unsigned long) replylen);
++ _XEatDataWords(dpy, rep.length);
+ list = NULL;
+ goto bail;
+ }
+diff --git a/src/Xcup.c b/src/Xcup.c
+index bb9e90f..1f1d625 100644
+--- a/src/Xcup.c
++++ b/src/Xcup.c
+@@ -36,6 +36,7 @@ in this Software without prior written authorization from The Open Group.
+ #include <X11/extensions/cupproto.h>
+ #include <X11/extensions/Xext.h>
+ #include <X11/extensions/extutil.h>
++#include "eat.h"
+
+ static XExtensionInfo _xcup_info_data;
+ static XExtensionInfo *xcup_info = &_xcup_info_data;
+@@ -144,7 +145,7 @@ XcupGetReservedColormapEntries(
+ rbufp = rbuf;
+
+ if (rbufp == NULL) {
+- _XEatData (dpy, (unsigned long) nbytes);
++ _XEatDataWords(dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return False;
+@@ -221,7 +222,7 @@ XcupStoreColors(
+ nbytes = nentries * SIZEOF (xColorItem);
+
+ if (nentries != ncolors) {
+- _XEatData (dpy, (unsigned long) nbytes);
++ _XEatDataWords(dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return False;
+@@ -233,7 +234,7 @@ XcupStoreColors(
+ rbufp = rbuf;
+
+ if (rbufp == NULL) {
+- _XEatData (dpy, (unsigned long) nbytes);
++ _XEatDataWords(dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return False;
+diff --git a/src/eat.h b/src/eat.h
+new file mode 100644
+index 0000000..239532b
+--- /dev/null
++++ b/src/eat.h
+@@ -0,0 +1,40 @@
++/*
++ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a
++ * copy of this software and associated documentation files (the "Software"),
++ * to deal in the Software without restriction, including without limitation
++ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
++ * and/or sell copies of the Software, and to permit persons to whom the
++ * Software is furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice (including the next
++ * paragraph) shall be included in all copies or substantial portions of the
++ * Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
++ * DEALINGS IN THE SOFTWARE.
++ */
++
++#ifdef HAVE_CONFIG_H
++# include "config.h"
++#endif
++
++#ifndef HAVE__XEATDATAWORDS
++#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */
++#include <limits.h>
++
++static inline void _XEatDataWords(Display *dpy, unsigned long n)
++{
++# ifndef LONG64
++ if (n >= (ULONG_MAX >> 2))
++ _XIOError(dpy);
++# endif
++ _XEatData (dpy, n << 2);
++}
++#endif
+--
+1.8.2.3
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-17 17:44:22 +0000