Martin Peres bbf1893cc0 os: make sure the clientsWritable fd_set is initialized before use
In WaitForSomething(), the fd_set clientsWritable may be used
uninitialized when the boolean AnyClientsWriteBlocked is set in the
WakeupHandler(). This leads to a crash in FlushAllOutput() after
x11proto's commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7.

The problem did not manifest before because both the XFD_SIZE and the
maximum number of clients were set to 256. As the connectionTranslation
table was initialized for the 256 clients to 0, the test on the index not
being 0 was aborting before dereferencing the client #0.

As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the
XFD_SIZE got bumped to 512. This led the OutputPending fd_set to have
any fd above 256 to be uninitialized which in turn led to reading an
index after the end of the ConnectionTranslation table. This index would
then be used to find the client corresponding to the fd marked as
pending writes and would also result in an out-of-bounds access which
would usually be the fatal one.

Fix this by zeroing the clientsWritable fd_set at the beginning of
WaitForSomething(). In this case, the bottom part of the loop, which
would indirectly call FlushAllOutput, will not do any work but the next
call to select will result in the execution of the right codepath. This
is exactly what we want because we need to know the writable clients
before handling them. In the end, it also makes sure that the fds above
MaxClient are initialized, preventing the crash in FlushAllOutput().

Thanks to everyone involved in tracking this one down!

Reported-by: Karol Herbst <freedesktop@karolherbst.de>
Reported-by: Tobias Klausmann <tobias.klausmann@mni.thm.de>
Signed-off-by: Martin Peres <martin.peres@linux.intel.com>
Tested-by: Tobias Klausmann <tobias.klausmann@mni.thm.de>
Tested-by: Martin Peres <martin.peres@linux.intel.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316
Cc: Ilia Mirkin <imirkin@alum.mit.edu>
Cc: Olivier Fourdan <ofourdan@redhat.com>
Cc: Adam Jackson <ajax@redhat.com>
Cc: Alan Coopersmith <alan.coopersmith@oracle.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2015-10-27 16:12:03 -04:00
composite Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
config config/udev: Respect seat assignments when assigned devices 2015-01-30 14:09:24 +01:00
damageext Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
dbe dbe: Call to DDX SwapBuffers requires address of int, not unsigned int [CVE-2014-8097 pt. 2] 2014-12-09 11:26:58 -08:00
dix fonts: Continue when font calls return Suspended more than once 2015-10-26 12:20:46 -04:00
doc doc: Create a script to filter xmlto output 2015-01-05 14:24:06 -08:00
dri3 dri3: unvalidated lengths in DRI3 extension swapped procs [CVE-2014-8103 1/2] 2014-12-08 18:09:48 -08:00
exa exa: initialise mask_off_x and mask_off_y 2015-10-26 12:19:36 -04:00
fb Fix alphamap interactions with wfb 2015-10-26 12:20:06 -04:00
glamor glamor: Don't try to free the pixmap priv if we fail to allocate FBO. 2015-10-26 11:52:58 -04:00
glx glx: Fix header length error checking in __glXDisp_RenderLarge 2015-10-26 12:20:41 -04:00
hw DRI2: Sync radeonsi_pci_ids.h from Mesa 2015-10-27 11:10:44 -04:00
include Get rid of const warnings in XSERVER_INPUT_EVENT dtrace probe calls 2015-07-29 11:16:32 -04:00
m4 xorg-tls: fix warning, replace AC_TRY_COMPILE with AC_COMPILE_IFELSE 2014-01-22 11:18:42 -08:00
man man: Fix case for MIT-unspecified. 2015-10-26 12:19:28 -04:00
mi mi: Correct a miscall of abs() to instead call fabs() 2015-10-26 12:20:17 -04:00
miext rootless: Fix bogus handling of broken root clip 2015-10-26 12:19:15 -04:00
os os: make sure the clientsWritable fd_set is initialized before use 2015-10-27 16:12:03 -04:00
present present: Fix missed notify MSC computation 2015-10-26 12:20:55 -04:00
pseudoramiX pseudoramiX: Add _X_ATTRIBUTE_PRINTF attributes to debug functions. 2014-01-27 11:38:34 -08:00
randr randr: Correct a miscall of abs() to instead call fabs() 2015-10-26 12:20:24 -04:00
record Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
render render: Propagate allocation failure from createSourcePicture() 2015-10-26 12:20:11 -04:00
test Add REQUEST_FIXED_SIZE testcases to test/misc.c 2014-12-08 18:09:49 -08:00
Xext Xext: fix build with --disable-xace 2015-10-27 11:10:52 -04:00
xfixes xfixes: unvalidated length in SProcXFixesSelectSelectionInput [CVE-2014-8102] 2014-12-08 18:09:48 -08:00
Xi dix: Send KeyPress and KeyRelease events to the XACE_KEY_AVAIL hook 2015-07-29 11:16:33 -04:00
xkb xkb: Check strings length against request size 2015-02-10 14:40:00 -08:00
.dir-locals.el Add .dir-locals.el 2013-08-17 12:17:36 +02:00
.gitignore .gitignore: Add new autotools file 'test-driver' 2014-04-21 13:41:42 -07:00
autogen.sh autogen.sh: Honor NOCONFIGURE=1 2012-10-19 13:12:33 +10:00
configure.ac xserver 1.17.3 2015-10-26 13:03:59 -04:00
COPYING modesetting: Merge modesetting's COPYING into the xserver's. 2014-09-15 12:46:02 -07:00
devbook.am doc: Create a script to filter xmlto output 2015-01-05 14:24:06 -08:00
docbook.am docbook.am: embed css styles inside the HTML HEAD element 2011-09-21 14:07:49 -07:00
fix-miregion Change region implementation names to eliminate the 'mi' prefix 2010-06-05 17:47:32 -07:00
fix-miregion-private Change region implementation names to eliminate the 'mi' prefix 2010-06-05 17:47:32 -07:00
fix-patch-whitespace Rename region macros to eliminate screen argument 2010-06-05 18:59:00 -07:00
fix-region Rename region macros to eliminate screen argument 2010-06-05 18:59:00 -07:00
Makefile.am DIST_SUBDIRS needs to include glamor, even if it isn't built 2014-02-13 15:25:56 -08:00
manpages.am Xorg: Add a suid root wrapper 2014-03-12 08:50:05 +01:00
README packaging: provide a default README file #24206 2010-01-27 14:00:17 -08:00
xorg-server.m4 macros: clarify documentation 2012-11-05 13:24:57 -06:00
xorg-server.pc.in xfree86: link modules against Xorg symbols on Cygwin 2012-04-05 21:57:07 -05:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

					X Server

The X server accepts requests from client applications to create windows,
which are (normally rectangular) "virtual screens" that the client program
can draw into.

Windows are then composed on the actual screen by the X server
(or by a separate composite manager) as directed by the window manager,
which usually communicates with the user via graphical controls such as buttons
and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the
following article:
http://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the
Xorg mailing list:

        http://lists.freedesktop.org/mailman/listinfo/xorg

Please submit bug reports to the Xorg bugzilla:

        https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

The master development code repository can be found at:

        git://anongit.freedesktop.org/git/xorg/xserver

        http://cgit.freedesktop.org/xorg/xserver

For patch submission instructions, see:

	http://www.x.org/wiki/Development/Documentation/SubmittingPatches

For more information on the git code manager, see:

        http://wiki.x.org/wiki/GitPage