Commit f9e3a2955d removing the MAXSCREEN limit left the screen
number too unlimited, and allowed any positive int for a screen number:
Xvfb :1 -screen 2147483647 1024x1024x8
Fatal server error:
Not enough memory for screen 2147483647
Found by Parfait 0.3.7:
Error: Integer overflow (CWE 190)
Integer parameter of memory allocation function realloc() may overflow due to multiplication with constant value 1112
at line 293 of hw/vfb/InitOutput.c in function 'ddxProcessArgument'.
Since the X11 connection setup only has a CARD8 for number of SCREENS,
limit to 255 screens, which is also low enough to avoid overflow on the
sizeof(*vfbScreens) * (screenNum + 1) calculation for realloc.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
(cherry picked from commit feebf67463)
https://bugs.freedesktop.org/show_bug.cgi?id=38420
Exit with fatal error message, not segfault.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 7d50211ab5)
(cherry picked from commit 97f2ae60fc)
This patch was generated by the following Perl code:
perl -i -pe 's/([^_])return\s*\(\s*([^(]+?)\s*\)s*;(\s+(\n))?/$1return $2;$4/g;'
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Marcin Baczyński <marbacz@gmail.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
This patch only changes the API, not the implementation of the
devPrivates infrastructure. This will permit a new devPrivates
implementation to be layed into the server without requiring
simultaneous changes in every devPrivates user.
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Tiago Vignatti <tiago.vignatti@nokia.com>
The only remaining X-functions used in server are XNF*, the rest is converted to
plain alloc/calloc/realloc/free/strdup.
X* functions are still exported from server and x* macros are still defined in
header file, so both ABI and API are not affected by this change.
Signed-off-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
If a -screen option specifies a screen number higher than any previously
specified, reallocate the vfb-private array of screen-info structs.
If built with a DIX that still has a MAXSCREENS limit, asking for too
many screens won't be detected until InitOutput calls AddScreen.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Inspired by Jon Turney's "Xwin: Simplify screen option processing"
patch, which does something similar for the Xwin server.
Besides making the code more readable, this eliminates most of Xvfb's
references to MAXSCREENS.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
The screen number can be inferred from the position in the vfbScreens
array, and it was only used in two places, so it was hardly important.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Several DDXes allow each screen to have at most one (or in some cases,
exactly one) installed colormap. These all use the same pattern: Declare
a global-lifetime array of MAXSCREENS ColormapPtrs, and index it by
screen number. This patch converts most of those to use screen privates
instead.
Signed-off-by: Jamey Sharp <jamey@minilop.net>
Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com>
This patch was created with:
git ls-files '*.[ch]' | while read f; do unifdef -B -DRENDER -o $f $f; done
Signed-off-by: Keith Packard <keithp@keithp.com>
Initialize the depth corresponding to the root window before the
pixmap-only depths. Otherwise you end up with the root window depth in
the depth list twice, which is mildly confusing for clients and
catastrophically confusing for PanoramiXConsolidate().
A grep on xorg/* revealed there's no consumer of this define.
Quote Alan Coopersmith:
"The consumer was in past versions of the headers now located
in proto/x11proto - for instance, in X11R6.0's xc/include/Xproto.h,
all the event definitions were only available if NEED_EVENTS were
defined, and all the reply definitions required NEED_REPLIES.
Looks like Xproto.h dropped them by X11R6.3, which didn't have
the #ifdef's anymore, so these are truly ancient now."
Signed-off-by: Peter Hutterer <peter.hutterer@redhat.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
addition of depth 12 & 30. It causes more than MAXFORMATS depths to be
added to the screen which causes an array in the Screen structure to
overflow and crash on server reset.
change "foo.h" to <X11/foo.h> for core headers, e.g. X.h, Xpoll.h;
change "foo.h", "extensions/foo.h" and "X11/foo.h" to
<X11/extensions/foo.h> for extension headers, e.g. Xv.h;
change "foo.[ch]" to <X11/Xtrans/foo.[ch]> for Xtrans files.
