aboutsummaryrefslogtreecommitdiffstats
path: root/main/libxxf86dga/0001-Use-_XEatDataWords-to-avoid-overflow-of-rep.length-s.patch
blob: 5a77d4cc4077ca00ef0b46a622d03bb2d130b5ec (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

From 6fa471be7a005bde97bcb5ca5a17662ea8d32587 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 13 Apr 2013 12:05:25 -0700
Subject: [PATCH 1/6] Use _XEatDataWords to avoid overflow of rep.length
 shifting

rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 configure.ac   |  6 ++++++
 src/XF86DGA2.c | 17 ++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 0558326..955fa3c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,6 +22,12 @@ XORG_CHECK_MALLOC_ZERO
 # Obtain compiler/linker options for depedencies
 PKG_CHECK_MODULES(XXF86DGA, xproto x11 xextproto xext [xf86dgaproto >= 2.0.99.2])
 
+# Check for _XEatDataWords function that may be patched into older Xlib release
+SAVE_LIBS="$LIBS"
+LIBS="$XXF86DGA_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
 AC_CONFIG_FILES([Makefile
 		src/Makefile
 		man/Makefile
diff --git a/src/XF86DGA2.c b/src/XF86DGA2.c
index 964de18..c17c7f1 100644
--- a/src/XF86DGA2.c
+++ b/src/XF86DGA2.c
@@ -6,6 +6,9 @@ Copyright (c) 1995,1996  The XFree86 Project, Inc
 */
 
 /* THIS IS NOT AN X CONSORTIUM STANDARD */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
 
 #ifdef __UNIXOS2__ /* needed here to override certain constants in X headers */
 #define INCL_DOS
@@ -22,6 +25,18 @@ Copyright (c) 1995,1996  The XFree86 Project, Inc
 #include <stdio.h>
 
 #include <stdint.h>
+#include <limits.h>
+
+#ifndef HAVE__XEATDATAWORDS
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+    if (n >= (ULONG_MAX >> 2))
+        _XIOError(dpy);
+# endif
+    _XEatData (dpy, n << 2);
+}
+#endif
 
 /* If you change this, change the Bases[] array below as well */
 #define MAX_HEADS 16
@@ -342,7 +357,7 @@ XDGAMode* XDGAQueryModes(
 	      }
 	      *num = rep.number;
 	   } else
-		_XEatData(dpy, rep.length << 2);
+		_XEatDataWords(dpy, rep.length);
 	}
     }
 
-- 
1.8.2.3
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-05 22:44:00 +0000