Error: Write outside array bounds at Xext/geext.c:406
in function 'GEWindowSetMask' [Symbolic analysis]
In array dereference of cli->nextSib[extension] with index 'extension'
Array size is 128 elements (of 4 bytes each), index <= 128
Error: Buffer overflow at dix/events.c:592
in function 'SetMaskForEvent' [Symbolic analysis]
In array dereference of filters[deviceid] with index 'deviceid'
Array size is 20 elements (of 512 bytes each), index >= 0 and index <= 20
Error: Read buffer overflow at hw/xfree86/loader/loader.c:226
in function 'LoaderOpen' [Symbolic analysis]
In array dereference of refCount[new_handle] with index 'new_handle'
Array size is 256 elements (of 4 bytes each), index >= 1 and index <= 256
These bugs were found using the Parfait source code analysis tool.
For more information see http://research.sun.com/projects/parfait
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit b680bda34d)
(cherry picked from commit 04c9e80f08)
Signed-off-by: Keith Packard <keithp@keithp.com>
Make GEClientGone static and include registry.h, to fix the following
warnings:
geext.c:225: warning: no previous prototype for 'GEClientGone'
geext.c: In function 'GEExtensionInit':
geext.c:280: warning: implicit declaration of function 'RegisterResourceName'
geext.c:280: warning: nested extern declaration of 'RegisterResourceName'
This fixes a severe issue - when the client died the event mask didn't get
unregistered and a future event would dereference dangling pointers. By
storing the event masks in the resource system we can free them when the
client dies.
Basically the same approach RandR takes. Remember which one the client
requested, send back the one the server supports. Also divide XGE server
version (now defined in geext.c) and the client's version (still in the
protocol definition).
We need this to allow extensions to fill in extra data for an event before it
is sent to the client. This is probably to be used like
FillUpEventsFromWindow().
This adds (unconditional) support for the GE extension. Anything from now on
that sends events in MPX will have to use the GE extension. No GE, no MPX
events. GE is not actually used yet from anywhere with this commit.
You will need to update x11proto, xextproto, libX11, libXext and xcb to the
matching xge branches. Things will _NOT_ work without the updated protocol
headers and libraries.
