Diffstat (limited to 'main/libxxf86vm/0006-Use-_XEatDataWords-to-avoid-overflow-of-length-calcu.patch')
-rw-r--r-- | main/libxxf86vm/0006-Use-_XEatDataWords-to-avoid-overflow-of-length-calcu.patch | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/main/libxxf86vm/0006-Use-_XEatDataWords-to-avoid-overflow-of-length-calcu.patch b/main/libxxf86vm/0006-Use-_XEatDataWords-to-avoid-overflow-of-length-calcu.patch
new file mode 100644
index 0000000000..b10d3b7135
--- /dev/null
+++ b/main/libxxf86vm/0006-Use-_XEatDataWords-to-avoid-overflow-of-length-calcu.patch
@@ -0,0 +1,125 @@
+From 284a88e21fc05a63466115b33efa411c60d988c9 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 13 Apr 2013 14:24:12 -0700
+Subject: [PATCH 6/8] Use _XEatDataWords to avoid overflow of length
+ calculations
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ configure.ac | 6 ++++++
+ src/XF86VMode.c | 35 +++++++++++++++++++++++++----------
+ 2 files changed, 31 insertions(+), 10 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index d8a23b0..b637788 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -22,6 +22,12 @@ XORG_CHECK_MALLOC_ZERO
+ # Obtain compiler/linker options for depedencies
+ PKG_CHECK_MODULES(XXF86VM, xproto x11 xextproto xext [xf86vidmodeproto >= 2.2.99.1])
+
++# Check for _XEatDataWords function that may be patched into older Xlib release
++SAVE_LIBS="$LIBS"
++LIBS="$XXF86VM_LIBS"
++AC_CHECK_FUNCS([_XEatDataWords])
++LIBS="$SAVE_LIBS"
++
+ AC_CONFIG_FILES([Makefile
+ src/Makefile
+ man/Makefile
+diff --git a/src/XF86VMode.c b/src/XF86VMode.c
+index 1b907f4..bd54937 100644
+--- a/src/XF86VMode.c
++++ b/src/XF86VMode.c
+@@ -30,11 +30,27 @@ from Kaleb S. KEITHLEY.
+
+ /* THIS IS NOT AN X CONSORTIUM STANDARD */
+
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
+ #include <X11/Xlibint.h>
+ #include <X11/extensions/xf86vmproto.h>
+ #include <X11/extensions/xf86vmode.h>
+ #include <X11/extensions/Xext.h>
+ #include <X11/extensions/extutil.h>
++#include <limits.h>
++
++#ifndef HAVE__XEATDATAWORDS
++static inline void _XEatDataWords(Display *dpy, unsigned long n)
++{
++# ifndef LONG64
++ if (n >= (ULONG_MAX >> 2))
++ _XIOError(dpy);
++# endif
++ _XEatData (dpy, n << 2);
++}
++#endif
+
+ #ifdef DEBUG
+ #include <stdio.h>
+@@ -257,7 +273,8 @@ XF86VidModeGetModeLine(Display* dpy, int screen, int* dotclock,
+ if (modeline->privsize > 0) {
+ modeline->private = Xcalloc(modeline->privsize, sizeof(INT32));
+ if (modeline->private == NULL) {
+- _XEatData(dpy, (modeline->privsize) * sizeof(INT32));
++ _XEatDataWords(dpy, rep.length -
++ ((SIZEOF(xXF86VidModeGetModeLineReply) - SIZEOF(xReply)) >> 2));
+ result = False;
+ } else
+ _XRead(dpy, (char*)modeline->private, modeline->privsize * sizeof(INT32));
+@@ -318,10 +335,8 @@ XF86VidModeGetAllModeLines(Display* dpy, int screen, int* modecount,
+ if (!(modelines = (XF86VidModeModeInfo **) Xcalloc(rep.modecount,
+ sizeof(XF86VidModeModeInfo *)
+ +sizeof(XF86VidModeModeInfo)))) {
+- if (majorVersion < 2)
+- _XEatData(dpy, (rep.modecount) * sizeof(xXF86OldVidModeModeInfo));
+- else
+- _XEatData(dpy, (rep.modecount) * sizeof(xXF86VidModeModeInfo));
++ _XEatDataWords(dpy, rep.length -
++ ((SIZEOF(xXF86VidModeGetAllModeLinesReply) - SIZEOF(xReply)) >> 2));
+ UnlockDisplay(dpy);
+ SyncHandle();
+ return False;
+@@ -354,7 +369,7 @@ XF86VidModeGetAllModeLines(Display* dpy, int screen, int* modecount,
+ if (oldxmdline.privsize > 0) {
+ if (!(modelines[i]->private =
+ Xcalloc(oldxmdline.privsize, sizeof(INT32)))) {
+- _XEatData(dpy, (oldxmdline.privsize) * sizeof(INT32));
++ _XEatDataWords(dpy, oldxmdline.privsize);
+ } else {
+ _XRead(dpy, (char*)modelines[i]->private,
+ oldxmdline.privsize * sizeof(INT32));
+@@ -384,7 +399,7 @@ XF86VidModeGetAllModeLines(Display* dpy, int screen, int* modecount,
+ if (xmdline.privsize > 0) {
+ if (!(modelines[i]->private =
+ Xcalloc(xmdline.privsize, sizeof(INT32)))) {
+- _XEatData(dpy, (xmdline.privsize) * sizeof(INT32));
++ _XEatDataWords(dpy, xmdline.privsize);
+ } else {
+ _XRead(dpy, (char*)modelines[i]->private,
+ xmdline.privsize * sizeof(INT32));
+@@ -902,8 +917,7 @@ XF86VidModeGetMonitor(Display* dpy, int screen, XF86VidModeMonitor* monitor)
+ monitor->hsync = monitor->vsync = NULL;
+ }
+ if (result == False) {
+- _XEatData(dpy, (rep.nhsync + rep.nvsync) * 4 +
+- ((rep.vendorLength+3) & ~3) + ((rep.modelLength+3) & ~3));
++ _XEatDataWords(dpy, rep.length);
+ Xfree(monitor->vendor);
+ monitor->vendor = NULL;
+ Xfree(monitor->model);
+@@ -1036,7 +1050,8 @@ XF86VidModeGetDotClocks(Display* dpy, int screen, int *flagsPtr,
+
+ dotclocks = Xcalloc(rep.clocks, sizeof(int));
+ if (dotclocks == NULL) {
+- _XEatData(dpy, (rep.clocks) * 4);
++ _XEatDataWords(dpy, rep.length -
++ ((SIZEOF(xXF86VidModeGetDotClocksReply) - SIZEOF(xReply)) >> 2));
+ result = False;
+ }
+ else {
+--
+1.8.2.3
+ |
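Review bot: The new `_XEatDataWords(dpy, rep.length - ((SIZEOF(...Reply) - SIZEOF(xReply)) >> 2))` calls in XF86VidModeGetModeLine, XF86VidModeGetAllModeLines and XF86VidModeGetDotClocks subtract from a server-supplied length without recording why the result cannot wrap, while XF86VidModeGetMonitor passes `rep.length` unadjusted with no explanation of the difference. The `_XReply` calls sit outside these hunks, so presumably they have already consumed the fixed extra words and rejected shorter replies; a comment such as `/* _XReply() already read the fixed part of the reply, so rep.length >= this word count */` at each subtraction would state that invariant. The invariant matters most for the fallback helper, which performs no range check under LONG64, so a wrapped count would reach `_XEatData` as a very large byte count. The helper also relies on `_XIOError()` not returning before `n << 2` is evaluated, which deserves a one-line comment above the `# ifndef LONG64` check.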