The wOtherInputMasks(win) macro will return NULL if
win->optional is NULL.
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../dix/gestures.c:242:9:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘inputMasks’
xwayland-24.1.6/redhat-linux-build/../dix/touch.c:765:9:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘inputMasks’
xwayland-24.1.6/redhat-linux-build/../dix/touch.c:782:9:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘inputMasks’
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2078>
(cherry picked from commit 15496a5e3d)
Since 1e728c3e88 ,
Whenever we allocate a composite pixmap, we perform an expensive CopyArea call from the parent pixmap.
This leads to very bad performance when using a framebuffer driver without shadowfb.
My guess is that this call ends up reading memory from the framebuffer memory directly, which is very slow.
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1814
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Signed-off-by: stefan11111 <stefan11111@shitposting.expert>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2073>
(cherry picked from commit 7e6c55cc9f)
InputOnly windows aren't relevant here.
E.g. mutter-x11-frames uses GTK4, which creates a 1x1 InputOnly child
window, which previously prevented this code from working as intended.
v2: (Olivier Fourdan)
* Rename output_child -> input_output_child.
* Add comment in get_single_input_output_child explaining why we return
NULL if input_output_child is already non-NULL.
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2069>
(cherry picked from commit 6f31791945)
If the WM client reparents a window, mark the new parent as a WM window.
This helps with current mutter, where decoration windows are created by
a separate mutter-x11-frames client instead of the WM client. There
might be other compositors doing something similar now or in the future.
v2:
* Skip the whole unwrap-and-call-down dance in xwl_reparent_window if
xwl_screen->ReparentWindow is NULL.
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2069>
(cherry picked from commit 105b5f2402)
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xi/xibarriers.c:729:5:
warning[-Wanalyzer-null-dereference]:
dereference of NULL ‘AllocBarrierDevice()’
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2075>
(cherry picked from commit 0ee6039053)
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xi/listdev.c:171:5:
warning[-Wanalyzer-possible-null-dereference]:
dereference of possibly-NULL ‘dev’
xwayland-24.1.6/redhat-linux-build/../Xi/listdev.c:379:23:
acquire_memory: this call could return NULL
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2075>
(cherry picked from commit 19c6195e71)
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xi/getprop.c:163:25:
warning[-Wanalyzer-possible-null-dereference]:
dereference of possibly-NULL ‘buf’
xwayland-24.1.6/redhat-linux-build/../Xi/getprop.c:121:19:
acquire_memory: this call could return NULL
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2075>
(cherry picked from commit 7b18313e2a)
(The existing setting of led_mask is probably wrong, but has been set
like this since X11R5 and going back as far as the first version in
the X Consortium source control archives.)
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xi/getfctl.c:108:9:
warning[-Wanalyzer-use-of-uninitialized-value]:
use of uninitialized value ‘*k2.led_values’
108|-> swapl(&k2->led_values);
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2075>
(cherry picked from commit 90c8429d35)
The wOtherInputMasks(win) macro will return NULL if
win->optional is NULL.
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xi/exevents.c:1390:13:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
xwayland-24.1.6/redhat-linux-build/../Xi/exevents.c:1404:13:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
xwayland-24.1.6/redhat-linux-build/../Xi/exevents.c:2293:9:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
xwayland-24.1.6/redhat-linux-build/../Xi/exevents.c:3244:22:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘inputMasks’
xwayland-24.1.6/redhat-linux-build/../Xi/exevents.c:3338:9:
warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2075>
(cherry picked from commit 7b7bcf9231)
If there's nothing to send, skip over a bunch of code to make a list
that won't be used, and hopefully make the code path clearer to both
humans and static analyzers, who raise errors as seen in #1817 of
dereferencing NULL pointers when count == 0.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2072>
(cherry picked from commit d34243606c)
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xext/xres.c:233:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘current_clients’
xwayland-24.1.6/redhat-linux-build/../Xext/xres.c:228:23: acquire_memory: this call could return NULL
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2072>
(cherry picked from commit 3da60c96a9)
Reported in #1817:
xwayland-24.1.6/redhat-linux-build/../Xext/vidmode.c:96:5: warning[-Wanalyzer-null-argument]: use of NULL ‘VidModeCreateMode()’ where non-null expected
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2072>
(cherry picked from commit 5e62aaaf57)
Reported incorrectly in #1817 as:
xwayland-24.1.6/redhat-linux-build/../Xext/sync.c:2835:33: acquire_memory: allocated here
xwayland-24.1.6/redhat-linux-build/../Xext/sync.c:2843:12: danger: ‘priv’ leaks here; was allocated at [(30)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/29)
but the "leak" is really saving the pointer in an uninitalized pointer in
a structure that was already freed when the malloc of the SysCounterInfo
struct failed in SyncCreateSystemCounter(), because it returned the address
of the freed struct instead of NULL to indicate failure.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2072>
(cherry picked from commit 6034ce11b6)
glamor_sync.c calls miSyncShmScreenInit if HAVE_XSHMFENCE is defined,
but it was only being built if either dri3 or xwayland were enabled.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2070>
(cherry picked from commit a8f8ec7e7d)
For cpu_family(), meson returns "sparc" for 32-bit sparc,
and "sparc64" for 64-bit sparc, regardless of the OS in use.
For cpu(), meson returns values like "sun4v" on Solaris/SPARC,
and doesn't promise stability of the values, or portability across
OS'es, unlike cpu_family().
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 908f0a488d)
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2077>
Simple confirmation of known values, not exhaustive testing.
Tested with SHA-1 implementations from:
- libcrypto (OpenSSL 3)
- libgcrypt
- libnettle
- Solaris libmd
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2066>
(cherry picked from commit 7013984b5f)
In the doListFontsWithInfo function in dixfonts.c, when a font alias is
encountered (err == FontNameAlias), the code saves the current state
and allocates memory for c->savedName.
If the malloc(namelen + 1) call fails, c->savedName remains NULL,
but c->haveSaved is still set to TRUE. Later, when a font is
successfully resolved (err == Successful), the code uses c->savedName
without checking if it is NULL, so there is potential null ptr
dereference. XNFalloc will check result of malloc and stop
program execution if allocation was failed.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1842
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2062>
(cherry picked from commit dd5c2595a4)
The LogVHdrMessageVerb function may access an array out of bounds in a
specific edge case. Specifically, the line:
newline = (buf[len - 1] == '\n');
can result in accessing buf[-1] if len == 0, which is undefined behavior.
Commit adds check to avoid access out of bounds at pointed line.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1841
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2061>
(cherry picked from commit 8d25a89143)
Commit d36f66f15d ("Check for duplicate output names") would walk the
list of existing outputs and leases to check that no other existing
output has the same name.
The change however, inadvertently reused the regular screen outputs when
searching the leased names.
Fix this by using the lease name, not the regular output names that we
already checked just above.
Found by SAST tool Svace.
Fixes: d36f66f15d - xwayland: Check for duplicate output names
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1843
Reviewed-by Olivier Fourdan <ofourdan@redhat.com>
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2063>
(cherry picked from commit b096785df4)
Commit 54f8fc4090 introduced the use of
wl_surface::set_buffer_scale, which is only available starting with
version 3 of the wl_compositor protocol. Because we already prefer
version 4 when available, this went unnoticed but broke versions 1, 2
and 3 when reaching the wl_surface::set_buffer_scale call.
This restores functionality for version 3 and properly document that
versions 1 and 2 are not supported anymore.
Signed-off-by: Nicolas Guichard <nicolas.guichard@kdab.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1862>
(cherry picked from commit bcc0587ab9)
The commit referenced below partially resolved an issue with grabs being made
on the root window. Unfortunately it assumes that the application uses
the same client for all windows. VMware Workstation uses nested windows
for each VM, each of which runs its own process with this own client.
Theses windows are managed by the GUI which is the top level for the
application and maps the windows based on which tab is selected.
Because the VM windows issue a grab on the root window and don't share
the same client as the GUI, grabs don't work properly with global shortcut
inhibition being completely broken.
Getting the parent top-level of the nested windows fixes this issue.
Fixes: c7730cfe55 ("xwayland: Translate keyboard grabs on the root window")
Signed-off-by: Ian Forbes <ian.forbes@broadcom.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2016>
(cherry picked from commit afc8b781d8)
CI meson-disable-options builds were failing with:
../hw/xwayland/xwayland-screen.c: In function ‘xwl_close_screen’:
../hw/xwayland/xwayland-screen.c:246:5: error: implicit declaration of
function ‘XaceDeleteCallback’; did you mean ‘DeleteCallback’?
[-Werror=implicit-function-declaration]
246 | XaceDeleteCallback(XACE_PROPERTY_ACCESS, xwl_access_property_callback, screen);
| ^~~~~~~~~~~~~~~~~~
| DeleteCallback
../hw/xwayland/xwayland-screen.c:246:24: error: ‘XACE_PROPERTY_ACCESS’
undeclared (first use in this function)
246 | XaceDeleteCallback(XACE_PROPERTY_ACCESS, xwl_access_property_callback, screen);
| ^~~~~~~~~~~~~~~~~~~~
../hw/xwayland/xwayland-screen.c: In function ‘xwl_screen_init’:
../hw/xwayland/xwayland-screen.c:1174:5: error: implicit declaration of
function ‘XaceRegisterCallback’ [-Werror=implicit-function-declaration]
1174 | XaceRegisterCallback(XACE_PROPERTY_ACCESS, xwl_access_property_callback, pScreen);
| ^~~~~~~~~~~~~~~~~~~~
../hw/xwayland/xwayland-screen.c:1174:26: error: ‘XACE_PROPERTY_ACCESS’
undeclared (first use in this function)
1174 | XaceRegisterCallback(XACE_PROPERTY_ACCESS, xwl_access_property_callback, pScreen);
| ^~~~~~~~~~~~~~~~~~~~
Fixes: a07c2cda9 ("xwayland: Add an XACE property access handler")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2056>
(cherry picked from commit 48acd1ae78)
CI meson-disable-options builds were failing with:
../hw/xfree86/drivers/modesetting/driver.c:127:5: error: ‘ms_device_match’
undeclared here (not in a function)
127 | ms_device_match,
| ^~~~~~~~~~~~~~~
../hw/xfree86/drivers/modesetting/driver.c: In function ‘ms_get_drm_master_fd’:
../hw/xfree86/drivers/modesetting/driver.c:1179:19: error: variable ‘pEnt’
set but not used [-Werror=unused-but-set-variable]
1179 | EntityInfoPtr pEnt;
| ^~~~
../hw/xfree86/drivers/modesetting/driver.c: At top level:
../hw/xfree86/drivers/modesetting/driver.c:84:13: error: ‘ms_pci_probe’
used but never defined [-Werror]
84 | static Bool ms_pci_probe(DriverPtr driver,
| ^~~~~~~~~~~~
../hw/xfree86/drivers/modesetting/driver.c:313:1: error: ‘probe_hw_pci’
defined but not used [-Werror=unused-function]
313 | probe_hw_pci(const char *dev, struct pci_device *pdev)
| ^~~~~~~~~~~~
Fixes: a72bdf170 ("modesetting: rewrite probing based on fbdev.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2056>
(cherry picked from commit ec14ecf751)
Building with -Dxace=false was generating many failures of the form:
../dix/cursor.c: In function ‘AllocARGBCursor’:
../dix/cursor.c:281:10: error: implicit declaration of function
‘XaceHookResourceAccess’; did you mean ‘XaceHookPropertyAccess’?
[-Werror=implicit-function-declaration]
281 | rc = XaceHookResourceAccess(client, cid, X11_RESTYPE_CURSOR,
| ^~~~~~~~~~~~~~~~~~~~~~
| XaceHookPropertyAccess
Fixes: ae3c57333 ("xace: typesafe hook function for XACE_RESOURCE_ACCESS")
Fixes: 9524ffee8 ("xace: typesafe hook function for XACE_DEVICE_ACCESS")
Fixes: 67e468c8b ("xace: typesafe hook function for XACE_SEND_ACCESS")
Fixes: 3dfe00d5e ("xace: typesafe hook function for XACE_RECEIVE_ACCESS")
Fixes: 922b7685d ("xace: typesafe hook function for XACE_CLIENT_ACCESS")
Fixes: 0f6bb23bc ("xace: typesafe hook function for XACE_EXT_ACCESS")
Fixes: 47d6c3ad7 ("xace: typesafe hook function for XACE_SERVER_ACCESS")
Fixes: 51d8bcfc0 ("xace: typesafe hook function for XACE_SCREEN_ACCESS")
Fixes: 305f2d59d ("xace: typesafe hook function for XACE_SCREENSAVER_ACCESS")
Fixes: 591d95c79 ("xace: typesafe hook function for XACE_AUTH_AVAIL")
Fixes: facdaae4e ("xace: typesafe hook function for XACE_KEY_AVAIL")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2056>
(cherry picked from commit 8bbf497e22)
We have too many options to run an exhaustive matrix of the combinations,
but this should at least help us catch code that won't compile in many
of the ifdef paths we don't go down in the default configs.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2056>
(cherry picked from commit 6f6a635363)
Build breaks with gcc 14 & later when xf86bigfont is enabled:
../Xext/xf86bigfont.c: In function ‘XFree86BigfontExtensionInit’:
../Xext/xf86bigfont.c:709:28: error: implicit declaration of function
‘xfont2_allocate_font_private_index’;
did you mean ‘AllocateFontPrivateIndex’? [-Wimplicit-function-declaration]
709 | FontShmdescIndex = xfont2_allocate_font_private_index();
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| AllocateFontPrivateIndex
Fixes: 05a793f5b ("dix: Switch to the libXfont2 API (v2)")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2053>
(cherry picked from commit 0617f6075b)
In most typical Linux X servers (like Xvfb, Xephyr, or Xwayland),
no child process outlives the server, so this issue rarely arises.
However, in embedded X servers (based on Xvfb or Kdrive) or in
custom Xorg modules, the server might launch a long-running command
with regular fork+exec calls. If the X server crashes or exits while
that command is still running (for example, it spawns a tombstone
generator or any process that hangs or turns to zombie), the file
descriptor associated with the abstract socket can remain open in the
child process. This leads to the kernel refusing to allow another X
server to bind the same socket until the child process terminates
(because there is no explicit way to unlink abstract socket, unlike
Unix socket). By marking the file descriptor as close-on-exec, we
ensure it is automatically closed in child processes, preserving the
ability of a new X server process to bind the socket immediately.
Signed-off-by: Twaik Yont <9674930+twaik@users.noreply.github.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1906>
(cherry picked from commit 5568b0f83f)
Previously, when parsing multiple configuration files containing the same
section names, only the last occurrence of each section would be retained.
Earlier definitions were silently discarded due to unconditional memory
allocation and overwriting of pointers during parsing.
This resulted in incomplete or incorrect configuration state when users
intended to merge or extend configuration through multiple files.
The section parsing functions in Files.c, Flags.c, and Module.c now
accept existing section pointers. These functions allocate new memory only
if the input pointer is NULL, preserving earlier data when re-parsing.
read.c has been updated to detect and pass existing section pointers when
encountering duplicate sections across files, preventing loss of prior content.
With these changes, the parser properly accumulates and merges configuration
data across multiple files, ensuring that all relevant settings are preserved.
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/467
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2045>
(cherry picked from commit 9b6f72395a)
