fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-02-15 10:20:37 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
read-only mirror of https://gitlab.freedesktop.org/xorg/xserver
18467 commits 91 branches 540 tags 68 MiB
C 96.5%
Roff 1.1%
Objective-C 1%
Meson 0.8%
Python 0.2%
Other 0.2%
Find a file
Peter Hutterer 80437e2054 render: fix refcounting of glyphs during ProcRenderAddGlyphs 
Previously, AllocateGlyph would return a new glyph with refcount=0 and a
re-used glyph would end up not changing the refcount at all. The
resulting glyph_new array would thus have multiple entries pointing to
the same non-refcounted glyphs.

AddGlyph may free a glyph, resulting in a UAF when the same glyph
pointer is then later used.

Fix this by returning a refcount of 1 for a new glyph and always
incrementing the refcount for a re-used glyph, followed by dropping that
refcount back down again when we're done with it.

CVE-2024-31083, ZDI-CAN-22880

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
(cherry picked from commit bdca6c3d1f)
2026-01-19 12:32:24 -08:00
.gitlab-ci CI: add a driver build stage to check for header breakage 2026-01-19 12:32:22 -08:00
composite composite: Expose CompositeIsImplicitRedirectException 2023-07-18 09:34:39 +00:00
config config: wscons: fix warning on discarded const 2026-01-19 12:32:24 -08:00
damageext Remove autotools support 2021-10-27 13:15:40 +03:00
dbe dbe: drop obsolete NEED_DBE_PROTOCOL 2026-01-19 12:32:19 -08:00
dix dix: drop now obsolete cursorScreenDevPriv 2026-01-19 12:32:21 -08:00
doc dix: dixutils: make workQueue pointer dix-private 2026-01-19 12:32:18 -08:00
dri3 randr: move private definitons from randrstr.h to randrstr_priv.h 2026-01-19 12:32:18 -08:00
exa replace _X_INLINE by inline in internal static functions 2024-02-05 19:26:14 +00:00
fb fb: Fix 1bpp Xservers on "whitePixel=0, blackPixel=1" VRAMs 2024-01-03 19:43:16 +00:00
glamor glamor: drop duplicate _X_EXPORT from .c source 2026-01-19 12:32:19 -08:00
glx glx: move private definitions from vndserver.h to vndserver_priv.h 2026-01-19 12:32:18 -08:00
hw Xquartz: ProcAppleDRICreatePixmap needs to use unswapped length to send reply 2026-01-19 12:32:24 -08:00
include config: fix wscons backend on NetBSD 2026-01-19 12:32:24 -08:00
m4 Add ax_pthread.m4 to m4/ 2016-05-29 19:20:51 -07:00
man Xserver.man: Note that -byteswappedclients is the default in this release 2026-01-19 12:32:23 -08:00
mi mi: drop some dead code 2026-01-19 12:32:20 -08:00
miext os: move os_move_fd() out of public API 2026-01-19 12:32:20 -08:00
os os: move SELinux enforcement state to the extension 2026-01-19 12:32:24 -08:00
present randr: move private definitons from randrstr.h to randrstr_priv.h 2026-01-19 12:32:18 -08:00
pseudoramiX Remove autotools support 2021-10-27 13:15:40 +03:00
randr randr: drop duplicate _X_EXPORT from .c source 2026-01-19 12:32:19 -08:00
record record: Support architectures with sizeof(void*) > sizeof(long) 2023-12-17 19:30:52 +00:00
render render: fix refcounting of glyphs during ProcRenderAddGlyphs 2026-01-19 12:32:24 -08:00
test test: fix FTBS on missing xlib includes on NetBSD 2026-01-19 12:32:24 -08:00
Xext include: unpexport SELINUX_* consts from include/global.h 2026-01-19 12:32:24 -08:00
xfixes Remove "All rights reserved" from Oracle copyright notices 2023-02-25 09:40:41 -08:00
Xi Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply 2026-01-19 12:32:24 -08:00
xkb xkb: drop duplicate _X_EXPORT from .c source 2026-01-19 12:32:19 -08:00
.appveyor.yml appveyor: Add libxcvt build dep 2021-11-04 13:03:25 +00:00
.dir-locals.el .dir-locals.el: Add missing final newline 2019-10-01 17:05:28 +00:00
.gitignore Clean up the .gitignore file 2024-01-12 00:50:24 +00:00
.gitlab-ci.yml CI: Only run the driver build job on Xorg changes 2026-01-19 12:32:22 -08:00
.mailmap Add a .mailmap file to canonicalize author names and emails 2023-03-15 18:10:51 +00:00
.travis.yml travis: Add OSX meson build to matrix 2019-05-02 15:42:58 +00:00
COPYING modesetting: Merge modesetting's COPYING into the xserver's. 2014-09-15 12:46:02 -07:00
meson.build test: fix FTBS on missing xlib includes on NetBSD 2026-01-19 12:32:24 -08:00
meson_options.txt xwayland/glamor: Drop the EGLStream backend 2026-01-19 12:32:21 -08:00
README.md Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
xorg-server.m4 xorg-server.m4: just all cflags instead of just sdkdir 2018-09-20 20:12:24 +01:00
xorg-server.pc.in xfree86: link modules against Xorg symbols on Cygwin 2012-04-05 21:57:07 -05:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

README.md

X Server

The X server accepts requests from client applications to create windows, which are (normally rectangular) "virtual screens" that the client program can draw into.

Windows are then composed on the actual screen by the X server (or by a separate composite manager) as directed by the window manager, which usually communicates with the user via graphical controls such as buttons and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the following article: https://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the Xorg mailing list:

https://lists.freedesktop.org/mailman/listinfo/xorg

The primary development code repository can be found at:

https://gitlab.freedesktop.org/xorg/xserver

For patch submission instructions, see:

https://www.x.org/wiki/Development/Documentation/SubmittingPatches

As with other projects hosted on freedesktop.org, X.Org follows its Code of Conduct, based on the Contributor Covenant. Please conduct yourself in a respectful and civilized manner when using the above mailing lists, bug trackers, etc:

https://www.freedesktop.org/wiki/CodeOfConduct