Use fchmod() to change permissions of the lock file instead
of chmod(), thus avoid the race that can be exploited to set
a symbolic link to any file or directory in the system.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit b67581cf82)
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 6ba44b91e3)
mesa used to send too long requests for GLXDestroyPixmap,
GLXDestroyWindow, GLXChangeDrawableAttributes, GLXGetDrawableAttributes
and GLXGetFBConfigsSGIX.
Fixes a regression introduced in ec9c97c6bf
X.Org bug#33324 <https://bugs.freedesktop.org/show_bug.cgi?id=33324>
Reported-by: xunx.fang@intel.com
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 402b329c3a)
The request is followed by a list of attributes.
X.Org bug#33449
Reported-and-tested-by: meng <mengmeng.meng@intel.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 1137c11be0)
The request is followed by an attribute list.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit a883cf1545)
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit d9225b9602)
Various glx requests include a list of pairs of attributes. We were
only swapping the first half.
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 62319e8381)
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 6c69235a9d)
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit ec9c97c6bf)
introduced in 93ca526892.
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Dan Nicholson <dbn.lists@gmail.com>
Reviewed-by: Nicolas Peninguy <nico@lostgeeks.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Free the pointers inside miInitVisuals, so the callers of this function
(fboverlay.c and fbscreen.c) don't need to worry with deallocation in the case
of failure.
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Nicolas Peninguy <nico@lostgeeks.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
There were two memory leaks in the function: one was the lack of free
for "enabled", the other was the full lack of releasing anything when
configuration was too small. The first issue was fixed by adding the
missing free, the other was addressed by replacing the duplicate
memory releasing sequences with one that is gotoed into.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit d3adf2d935)
v2: Slightly more obvious sizing math.
==14882== Invalid write of size 2
==14882== at 0x6750267: VBEGetVBEInfo (vbe.c:400)
==14882== by 0x6142064: ??? (in /usr/lib64/xorg/modules/drivers/vesa_drv.so)
==14882== by 0x471895: InitOutput (xf86Init.c:519)
==14882== by 0x422778: main (main.c:205)
==14882== Address 0x4f32fa8 is 72 bytes inside a block of size 73 alloc'd
==14882== at 0x4A0640D: malloc (vg_replace_malloc.c:236)
==14882== by 0x675024B: VBEGetVBEInfo (vbe.c:398)
==14882== by 0x6142064: ??? (in /usr/lib64/xorg/modules/drivers/vesa_drv.so)
==14882== by 0x471895: InitOutput (xf86Init.c:519)
==14882== by 0x422778: main (main.c:205)
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit d8caa78200)
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 3f0d3f4d97)
The EDID processing regards physical dimensions of 0mm x 0mm as
invalid. Previously the old values for height and width would be
preserved if none of the physical dimension specifications in the new
EDID were considered valid.
This will come up in particular if first a monitor is connected to an
output, and then a projector is connected. Since projectors generally
report physical dimensions of 0mm x 0mm, this would result in the
projector claiming to have the physical dimensions of the monitor.
Signed-off-by: Evan Broder <ebroder@mokafive.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 12b0f7df2c)
Inferring modes from sync ranges is only valid if the monitor says it's
valid. If the monitor says it's valid, then we'll have already added
those modes during EDID block parse. If it doesn't, then we should
believe it.
If there's no EDID for an output, but sync ranges from the config, we'll
still add default modes as normal.
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit dc498b433f)
We now support using RandR to set the resolution of the primary display (and
place a shielding window on other displays) in multi-monitor configurations.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
(cherry picked from commit 8cf3348e90)
This will prevent native windows from resizing as we change resolutions.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
(cherry picked from commit 13578b852b)
If there's a GPU copy and a non-zero devKind was passed in, set the GPU copy
pitch to that instead of to a possibly bogus value derived from the new width.
This is e.g. used by the radeon driver's drmmode_xf86crtc_resize hook, fixes
https://bugs.freedesktop.org/show_bug.cgi?id=33929 .
On the other hand, the system memory copy doesn't need the pitch to be aligned
beyond the PixmapBytePad of the width.
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Acked-by: Cyril Brulebois <kibi@debian.org>
Tested-by: Cyril Brulebois <kibi@debian.org>
Reported-by: Thierry Vignaud <thierry.vignaud@gmail.com>
Tested-by: Thierry Vignaud <thierry.vignaud@gmail.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 31704510f4)
RecordFlushReplyBuffer can call itself recursively through
WriteClient->CallCallbacks->_CallCallbacks->RecordFlushAllContexts
when the recording client's buffer cannot be completely emptied in one
WriteClient. When a such a recursion occurs, it will not be broken out
of which results in segmentation fault when the stack is exhausted.
This patch adds a counter (a flag, really) that guards against this
situation, to break out of the recursion.
One alternative to this change would be to change _CallCallbacks to
check the corresponding counter before the callback loop, but that
might affect existing behavior, which may be relied upon.
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 0801afbd7c)
M_DRAWABLE_PIXMAP is the lookup mask to dixLookupDrawable, and _not_ the
type value in the drawable itself.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit ac0a00a840)
