The other values are checked correctly, but if a modifier was outside the
allowed range, it would go unnoticed and cause a out-of-bounds read error for
any mask equal or larger than 256. The DetailRec where we store the grab masks
is only sized to 8 * sizeof(Mask).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 0f10cfd4b9)
On OpenBSD, passing a timeout longer than 100000000 seconds to select(2) will
make it fail with EINVAL. As this is original 4.4BSD behaviour it is not
inconceivable that other systems suffer from the same problem. And Linux,
though not suffering from any 4.4BSD heritage, briefly did something similar:
<https://lkml.org/lkml/2012/8/31/263>
So avoid calling AdjustWaitForDelay() instead of setting the timeout to
(effectively) ULONG_MAX milliseconds.
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit ddeca92749)
The server internally relies on arrays with a MAX_BUTTONS maximum size (which
is the max the core protocol can transport). Make sure a driver adheres to
that.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
(cherry picked from commit 87ca80a719)
Flagged by cppcheck 1.62:
[hw/xfree86/common/xf86Helper.c:220] -> [hw/xfree86/common/xf86Helper.c:231]:
(warning) Possible null pointer dereference: pScrn - otherwise it is
redundant to check it against null.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit c1ac89c793)
Flagged by cppcheck 1.62:
[dix/dixfonts.c:1792]: (error) Common realloc mistake:
'font_path_string' nulled but not freed upon failure
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit e6733ae91b)
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 9fc19168e7)
The request is followed by mask_len 4-byte units, then followed by the actual
modifiers.
Also fix up the swapping test, which had the same issue.
Reported-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 76b3be75b6)
Conflicts:
test/xi2/protocol-xipassivegrabdevice.c
We call atoi() on the server's display to get the socket but otherwise use the
unmodified display for log file name, xkb paths, etc. This results in
Xorg :banana being the equivalent of Xorg :0, except for the log files being
in /var/log/Xorg.banana.log. I'm not sure there's a good use-case for this
behaviour.
Check the display for something that looks reasonable, i.e. digits only, but
do allow for :0.0 (i.e. digits, followed by a period, followed by one or two
digits).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 71baa466b1)
When a grab on a slave device is deactivated, the master device must
be checked, just in case there were events from other devices while
the slave device was stolen away by the passive grab. This may
introduce misbehaviors on mismatching valuators and device features
later on UpdateDeviceState().
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit b2d5ee2e36)
dev->button->down is a bitmask, not a normal array. Use the helper function to
check, we technically allow the mapping to change after the physical button
has been pressed (but not yet processed yet), so only check BUTTON_PROCESSED.
From XSetPointerMapping(3):
"If any of the buttons to be altered are logically in the down state,
XSetPointerMapping returns MappingBusy, and the mapping is not changed."
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
(cherry picked from commit 25d10464f4)
It seems the alanyzer can't comprehend dixSetPrivate().
quartz.c:119:12: warning: Potential leak of memory pointed to by 'displayInfo'
return quartzProcs->AddScreen(index, pScreen);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 64327226dd)
Avoids potential memory corruption from bad requests
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit a03f096a85)
Return an error to the caller rather than crashing the server on
invalid screens.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit b3572c0d1a)
x-hook.c:96:9: warning: Called function pointer is an uninitalized pointer value
(*fun[i])(arg, data[i]);
^~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 959e8f23af)
X11Controller.m:938:1: warning: method 'applicationWillTerminate:' could be declared with attribute 'noreturn'
[-Wmissing-noreturn,Semantic Issue]
{
^
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit f79af19417)
./darwinfb.h:28:9: warning: '_DARWIN_FB_H' is used as a header guard here, followed by #define of a different macro
[-Wheader-guard,Lexical or Preprocessor Issue]
^~~~~~~~~~~~
./darwinfb.h:29:9: note: '_DARWIN_DB_H' is defined here; did you mean '_DARWIN_FB_H'? [Lexical or Preprocessor Issue]
^~~~~~~~~~~~
_DARWIN_FB_H
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 2e3ebec952)
Skipped present pixmap calls were not setting the mode to
PresentCompleteModeSkip for skipped operations.
Signed-off-by: Keith Packard <keithp@keithp.com>
Presents which are not marked 'queued' and are in the window present
list are waiting for the flip event; discarding those won't work very
well (it'll end up trashing displayed content for the next frame), so
skip over those when looking for duplicate frame presents
Signed-off-by: Keith Packard <keithp@keithp.com>
Check for Async flag and execute immediately if set, otherwise wait
for the next appropriate vblank before copying.
Signed-off-by: Keith Packard <keithp@keithp.com>
This can't happen when GLX is the backing window system, but can
elsewhere. We may as well protect against it at a high level.
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
We want to advertise the version we implement, not the version the
protocol headers happen to describe.
Reviewed-by: Jasper St. Pierre <<jstpierre@mecheye.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
We want to advertise the version we implement, not the version the
protocol headers happen to describe.
Reviewed-by: Jasper St. Pierre <<jstpierre@mecheye.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
There's nothing to stop a client from sending these requests to screens
without DRI3 support, and if they do, we'll crash. Let's not do that.
Reviewed-by: Jasper St. Pierre <<jstpierre@mecheye.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
If an touch triggers an async button grab and that grab does not have the
ButtonReleaseMask set, the TouchEnd is never delivered, deliveries is 0 and
the grab is never deactivated.
If the grab is pointer async and keyboard sync, the keyboard events are stuck
in EnqueueEvent until some other pointer event terminates the grab.
Change this to check for the number of listeners. If we're about to deliver a
TouchEnd to a passive pointer grab, the number of listeners is already 1 -
pointer grabs always accept so other listeners were removed.
X.Org Bug 71878 <http://bugs.freedesktop.org/show_bug.cgi?id=71878>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Bug #71878 describes a bug resulting in the server ceasing to respond to
keyboard input after a touch event. The problem might be the following:
DeliverTouchBeginEvent tries to deliver an event to a listener of type
LISTENER_POINTER_REGULAR, taking the following if branch,
if (listener->type == LISTENER_POINTER_REGULAR ||
listener->type == LISTENER_POINTER_GRAB) {
rc = DeliverTouchEmulatedEvent(dev, ti, ev, listener, client, win,
grab, xi2mask);
if (rc == Success) {
listener->state = LISTENER_IS_OWNER;
/* async grabs cannot replay, so automatically accept this touch */
if (dev->deviceGrab.grab &&
dev->deviceGrab.fromPassiveGrab &&
dev->deviceGrab.grab->pointerMode == GrabModeAsync)
ActivateEarlyAccept(dev, ti);
}
goto out;
}
DeliverTouchEmulatedEvent succeeds. The deviceGrab meets all
three of the conditions of the inner if, enters
ActivateEarlyAccept which then fails due to,
BUG_RETURN(ti->listeners[0].type != LISTENER_GRAB &&
ti->listeners[0].type != LISTENER_POINTER_GRAB);
That is, despite listener->type == LISTENER_POINTER_REGULAR. With my
non-existent knowledge of XINPUT, it seems like the solution here
might be to only ActivateEarlyAccept when listener->type ==
LISTENER_POINTER_GRAB.
Signed-off-by: Ben Gamari <bgamari.foss@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Newly created windows inherit the pixmap of their parent, similarly,
reparenting a tree inherits the pixmap of the destination tree.
Making present preserve the invariant that unredirected windows always
have the same pixmap as their parent ensures that the above cases work
correctly.
v2: name the recursive function to 'set_tree_pixmap' instead of 'set_window_pixmap'
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
v1: Rewrite by Marc Haesen of the WGL wrapper function generation script to use
Khronos group XML.
v2: Remove -dispatchheader option, since dispatch.h doesn't exist anymore, use
the private glapi interface to construct the GL dispatch table for the native
WGL thunks.
v3:
Rewrite to generate shims for the OpenGL 1.2.1 (GL 1.2 + GL_ARB_imaging
+GL_ARB_multitexture + GL_ARB_texture_compression(?)) functions the server links
directly with rather than libGL.
These shims dispatch to either the mesa GL DLL, or a thunking DLL containing
cdecl-to-stcall wrapper functions for the native GL DLL.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Adam Jackson <ajax@redhat.com>
At the moment we have a mix of ARB and non-ARB suffixed forms for ARB_multitexture functions
e.g. glMultiTexCoord1fvARB and glMultiTexCoord1dv
Consistently use the ARB-suffixed form, assuming that is present in all libGL
which provide the OpenGL 1.2.1 ABI we expect to be able to directly link with.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Adam Jackson <ajax@redhat.com>
/jhbuild/checkout/xorg/xserver/hw/kdrive/ephyr/ephyr.c: In function ‘ephyrProcessMouseMotion’:
/jhbuild/checkout/xorg/xserver/hw/kdrive/ephyr/ephyr.c:946:188: error: ‘ephyrCurScreen’ undeclared (first use in this function)
/jhbuild/checkout/xorg/xserver/hw/kdrive/ephyr/ephyr.c: In function ‘ephyrProcessButtonPress’:
/jhbuild/checkout/xorg/xserver/hw/kdrive/ephyr/ephyr.c:980:186: error: ‘ephyrCurScreen’ undeclared (first use in this function)
/jhbuild/checkout/xorg/xserver/hw/kdrive/ephyr/ephyr.c: In function ‘ephyrProcessButtonRelease’:
/jhbuild/checkout/xorg/xserver/hw/kdrive/ephyr/ephyr.c:1007:186: error: ‘ephyrCurScreen’ undeclared (first use in this function)
Fix ephyr compilation when ./configure'd with --enable-debug after commit
46cf6bf569, some instances of ephyrCurScreen were
not converted to screen->pScreen->myNum.
v2: Don't use a trivial local variable which will be unused when ./configure'd
with --disable-debug
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Adam Jackson <ajax@redhat.com>
CGL doesn't have anything like glXGetProcAddress, and the old code just
called down to dlsym in any case. It's a little mind-warping since
dlopening a framework actually loads multiple dylibs, but that's just
how OSX rolls.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
