From 936084b9c068f0e988b0ec3b6bbd12322b9424ebfa1a2e9e03afac18f064077a Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Sat, 5 Nov 2016 22:21:24 +0000
Subject: [PATCH] Accepting request 438867 from home:Zaitor:branches:X11:Wayland

Add patch from upstream

OBS-URL: https://build.opensuse.org/request/show/438867
OBS-URL: https://build.opensuse.org/package/show/X11:Wayland/wayland?expand=0&rev=72
---
 ...t_data_to_invalid_address_after_free.patch | 50 +++++++++++++++++++
 wayland.changes | 7 +++
 wayland.spec | 3 ++
 3 files changed, 60 insertions(+)
 create mode 100644 wayland-wl_array_Set_data_to_invalid_address_after_free.patch

diff --git a/wayland-wl_array_Set_data_to_invalid_address_after_free.patch b/wayland-wl_array_Set_data_to_invalid_address_after_free.patch
new file mode 100644
index 0000000..228a12d
--- /dev/null
+++ b/wayland-wl_array_Set_data_to_invalid_address_after_free.patch
@@ -0,0 +1,50 @@
+
+m e8ad23266f36521215dcd7cfcc524e0ef67d66dd Mon Sep 17 00:00:00 2001
+From: Yong Bakos
+Date: Tue, 27 Sep 2016 13:03:48 -0500
+Subject: wl_array: Set data to invalid address after free
+
+Explicitly set the data member to an invalid memory address during
+wl_array_release, such that re-using a freed wl_array without re-initializing
+causes a crash. In addition, this pointer assignment makes wl_array_release
+testable.
+
+Define a constant for the invalid memory address, and add documentation about
+this behavior, starting at libwayland version 1.13.
+
+See https://lists.freedesktop.org/archives/wayland-devel/2016-September/031116.html
+
+Signed-off-by: Yong Bakos
+Reviewed-by: Eric Engestrom
+[Pekka: remove the doc about crashing]
+Signed-off-by: Pekka Paalanen
+
+diff --git a/src/wayland-private.h b/src/wayland-private.h
+index ac712d9..ef58ccf 100644
+--- a/src/wayland-private.h
++++ b/src/wayland-private.h
+@@ -36,6 +36,9 @@
+
+ #include "wayland-util.h"
+
++/* Invalid memory address */
++#define WL_ARRAY_POISON_PTR (void *) 4
++
+ #define ARRAY_LENGTH(a) (sizeof (a) / sizeof (a)[0])
+
+ #define container_of(ptr, type, member) ({ \
+diff --git a/src/wayland-util.c b/src/wayland-util.c
+index 639ccf8..077fec7 100644
+--- a/src/wayland-util.c
++++ b/src/wayland-util.c
+@@ -102,6 +102,7 @@ WL_EXPORT void
+ wl_array_release(struct wl_array *array)
+ {
+ free(array->data);
++ array->data = WL_ARRAY_POISON_PTR;
+ }
+
+ WL_EXPORT void *
+--
+cgit v0.10.2
+
diff --git a/wayland.changes b/wayland.changes
index 4ebdb4e..216ff23 100644
--- a/wayland.changes
+++ b/wayland.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Nov 5 21:51:01 UTC 2016 - zaitor@opensuse.org
+
+- Add
+ wayland-wl_array_Set_data_to_invalid_address_after_free.patch:
+ Crash fix patch from upstream git.
+
 -------------------------------------------------------------------
 Wed Sep 21 05:11:07 UTC 2016 - jengelh@inai.de
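Review bot: In the `src/wayland-util.c` part of the added patch, `wl_array_release` poisons only `data`; the array's `size` and `alloc` (declared in wayland-util.h, not shown here) keep their old values, so a caller that reuses the array and indexes at `data + size` reaches address 4 plus a stale offset, which is not guaranteed to be unmapped. The poison therefore makes use after release likely to fault rather than certain to, and a second `wl_array_release` now hands `(void *) 4` to `free()`; it would be worth checking how `wl_array_add` and `wl_array_copy`, which are outside the hunk, treat a released array. In the `src/wayland-private.h` part the macro body should be parenthesized so it expands as one expression: `#define WL_ARRAY_POISON_PTR ((void *) 4)`. A short comment at the assignment, such as `/* poison: reuse without wl_array_init() must not look like a valid or empty array */`, would record the intent next to the code.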
diff --git a/wayland.spec b/wayland.spec
index 21ac87e..104d2c5 100644
--- a/wayland.spec
+++ b/wayland.spec
@@ -31,6 +31,8 @@ Source: http://wayland.freedesktop.org/releases/%name-%version.tar.xz
 Source2: http://wayland.freedesktop.org/releases/%name-%version.tar.xz.sig
 Source3: %name.keyring
 Source4: baselibs.conf
+# PATCH-FIX-UPSTREAM wayland-wl_array_Set_data_to_invalid_address_after_free.patch zaitor@opensuse.org -- Fix a crash after free.
+Patch0: wayland-wl_array_Set_data_to_invalid_address_after_free.patch
 #git#BuildRequires: autoconf >= 2.64
 #git#BuildRequires: automake >= 1.11
 #git#BuildRequires: libtool >= 2.2
@@ -120,6 +122,7 @@ This subpackage contains the documentation to Wayland.
 %prep
 %setup -q
+%patch0 -p1
 %build
 if [ ! -e configure ]; then
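Review bot: The tag comment added above `Patch0` says "Fix a crash after free", but the upstream description carried in the patch says it sets `data` to an invalid address "such that re-using a freed wl_array without re-initializing causes a crash", so this is use-after-free hardening rather than a crash fix. Suggested wording: `# PATCH-FIX-UPSTREAM wayland-wl_array_Set_data_to_invalid_address_after_free.patch zaitor@opensuse.org -- Poison wl_array data on release so use after release faults.` The wayland.changes entry ("Crash fix patch from upstream git") uses the same description and would benefit from the same correction. Naming the upstream commit from the patch header (e8ad23266f36521215dcd7cfcc524e0ef67d66dd) in the comment would also let a later version bump check whether the patch is still needed.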