Add a proper access mode, and reverse the logic of the return value.
Zero ("Success") is returned on success from the hook calls.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
(cherry picked from commit 3cea176d5a)
Instead, clients should keep track of the selection instances they use.
(cherry picked from commit 0952d12717)
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Error: Write outside array bounds at Xext/geext.c:406
in function 'GEWindowSetMask' [Symbolic analysis]
In array dereference of cli->nextSib[extension] with index 'extension'
Array size is 128 elements (of 4 bytes each), index <= 128
Error: Buffer overflow at dix/events.c:592
in function 'SetMaskForEvent' [Symbolic analysis]
In array dereference of filters[deviceid] with index 'deviceid'
Array size is 20 elements (of 512 bytes each), index >= 0 and index <= 20
Error: Read buffer overflow at hw/xfree86/loader/loader.c:226
in function 'LoaderOpen' [Symbolic analysis]
In array dereference of refCount[new_handle] with index 'new_handle'
Array size is 256 elements (of 4 bytes each), index >= 1 and index <= 256
These bugs were found using the Parfait source code analysis tool.
For more information see http://research.sun.com/projects/parfait
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit b680bda34d)
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 1c101d75d4)
Signed-off-by: Keith Packard <keithp@keithp.com>
This wrong check may cause BadLength to be returned to the client even if the
length is correct.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 8b583ca2b2)
Signed-off-by: Keith Packard <keithp@keithp.com>
LogVWrite is limited to a buffer size of 1024, so we don't loose anything here
by truncating. This way we can use LogVMessageVerb (and xf86Msg and friends)
during signal handlers with the normal message types.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Alan Coopersmith <alan.coopersmith@sun.com>
(cherry picked from commit 0e0642ee94)
Signed-off-by: Keith Packard <keithp@keithp.com>
When xinerama is enabled we don't get randr protocol, but the
driver might still want randr internals
(cherry picked from commit faf7dfa099)
Signed-off-by: Keith Packard <keithp@keithp.com>
The references to this file in the server code were removed in commit dda10c9066
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
(cherry picked from commit d0dd649035)
Signed-off-by: Keith Packard <keithp@keithp.com>
The '-co' option was removed in commit dda10c9066
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
(cherry picked from commit b0ad9e1ced)
Signed-off-by: Keith Packard <keithp@keithp.com>
When ProcXkbSetNamedIndicator is called on a core device, and we
walk the slaves to set the LED's on each of them, ignore any slaves
that do not have either a KbdFeedbackCtrl or LedCtrl structure.
(This is much more critical in xserver-1.5-branch, where we walk
*all* devices, not just the slaves of the specified master, and
thus return failure when setting an LED on the Core Keyboard and
hit a xf86-input-mouse device with no LED's to set.)
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 557dbadf3b)
Signed-off-by: Keith Packard <keithp@keithp.com>
Note that deviceKeyButtonPointer and keyButtonPointer have the same wire
layout, so we only need to check for event types.
X.Org Bug 20557 <http://bugs.freedesktop.org/show_bug.cgi?id=20557>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
A driver with this hook will take care of preparing the outputs & crtcs,
so calling the prepare functions will just cause unnecessary flicker.
Fixes bug #21077
(cherry picked from commit 94648bb797)
Signed-off-by: Keith Packard <keithp@keithp.com>
This panel reports its vertical size in cm.
X.Org bug#21000 <http://bugs.freedesktop.org/show_bug.cgi?id=21000>
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit b1dab580bd)
Signed-off-by: Keith Packard <keithp@keithp.com>
After the call to xf86ActivateDevice, the new device will be added to
inputInfo.devices. However, if the subsequent call to ActivateDevice
fails, the correponding InputInfoRec for the device is deleted but an
entry still remains in inputInfo.devices. This might lead to a server
crash later on (on InitAndStartDevices for instance) when the device
control proc would be called for an invalid device.
(cherry picked from commit efa31092d6)
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
It isn't very useful yet while the damage layer calls us for empty operations,
mostly confuses users.
(cherry picked from commit 3948b52389)
Signed-off-by: Keith Packard <keithp@keithp.com>
Preserve the EXA ABI by introducing a new driver flag EXA_SUPPORTS_PREPARE_AUX.
If the driver doesn't set this flag, we have to assume any Prepare/FinishAccess
driver hooks can't handle the EXA_PREPARE_AUX* indices, so we move out such
pixmaps at PrepareAccess time.
Fixes https://bugs.freedesktop.org/show_bug.cgi?id=18710 .
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
(cherry picked from commit 4cfb36f6ad)
Signed-off-by: Keith Packard <keithp@keithp.com>
This prevents building an older server with a new dri2proto.h from
resulting in a DRI2 extension module that lies about the version it
supports.
Signed-off-by: Ian Romanick <ian.d.romanick@intel.com>
(cherry picked from commit 44227ef1b7)
Signed-off-by: Keith Packard <keithp@keithp.com>
This allows untrusted clients to destroy their own windows when they
have been reparented by a trusted window manager.
(cherry picked from commit 4559d2ace6)
Previously, three extensions were defined as "trusted" by the extension:
BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted
to be used by untrusted clients.
In commit 8b5d21cc1d this was changed for
some reason. Return to the old, compatible behavior.
(cherry picked from commit 6045506be0)
The POINTER_SCREEN flag must be set explicitly for XTest core events to avoid
out-of-range events when the lastSlave was an SD with an explicit axis range.
Device events sent through XTest don't need this flag, they are expected to be
in the valuator range of the device anyway.
Red Hat Bug 490984 <https://bugzilla.redhat.com/show_bug.cgi?id=490984>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 603db34337)
When a drawable goes away, we don't destroy the GLX drawable in full,
since it may be current for a context. This means that when the drawable
is destroyed in full later, the backend doesn't get a chance to
destroy resources associated with the drawable (the DRI2Drawable).
With this patch, we destroy the GLX drawable in full when it goes away
and then track down all contexts that reference it and NULL their
pointers.
(cherry picked from commit 7b6400a1b8)
This happened because we put a byte in the fd to wake up dispatch, but we never actually enqueued anything in mieq because the num_events was 0.
(cherry picked from commit c21ca7558d)
Currently no code path exhibits the broken behavior since we only toggle into rootless if we don't have the root.
(cherry picked from commit 970f100ca3)
