pool/xorg-x11-server
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xorg-x11-server/b_sync-fix.patch

59 lines
2.2 KiB
Diff
Raw Normal View History

- U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch * Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427) - U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch * Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429) - U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch * Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430) - U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch * Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431) - U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch * Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432) - U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch * Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433) - U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch * Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434) - U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch * Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=907
2025-02-25 18:04:55 +00:00
Index: xorg-server-1.12.1/Xext/sync.c
===================================================================
--- xorg-server-1.12.1.orig/Xext/sync.c
+++ xorg-server-1.12.1/Xext/sync.c
@@ -2615,9 +2615,43 @@ static XSyncValue *pIdleTimeValueGreater
static void
IdleTimeQueryValue(pointer pCounter, CARD64 * pValue_return)
{
- CARD32 idle = GetTimeInMillis() - lastDeviceEventTime.milliseconds;
+ static CARD32 previousLastDeviceEventTimeMilliseconds = 0;
+ CARD32 now = GetTimeInMillis();
+ CARD32 idle = now - lastDeviceEventTime.milliseconds;
+ CARD32 previousIdle = now - previousLastDeviceEventTimeMilliseconds;
+ SyncCounter *pIdleTimeCounter = (SyncCounter*)pCounter;
XSyncIntsToValue(pValue_return, idle, 0);
+ if (pCounter == NULL)
+ {
+ return;
+ }
+ if (previousLastDeviceEventTimeMilliseconds == 0)
+ {
+ /* initialize static var when this function is invoked the first time. */
+ previousLastDeviceEventTimeMilliseconds = lastDeviceEventTime.milliseconds;
+ return;
+ }
+
+ if (previousLastDeviceEventTimeMilliseconds == lastDeviceEventTime.milliseconds)
+ {
+ /* no new user event, no need to change idle counter. */
+ return;
+ }
+ previousLastDeviceEventTimeMilliseconds = lastDeviceEventTime.milliseconds;
+
+ /*
+ * Some user event occured; now update idle counter with previous
+ * event time, so idle counter has the most up-to-date value with
+ * respect to previous user event (we need old and new counter
+ * value to compute if a transition occured). Recompute bracket
+ * values if this is system counter.
+ */
+
+ XSyncIntsToValue (&pIdleTimeCounter->value, previousIdle, 0);
+ if (IsSystemCounter(pIdleTimeCounter)) {
+ SyncComputeBracketValues(pIdleTimeCounter);
+ }
}
static void
@@ -2700,7 +2734,7 @@ IdleTimeWakeupHandler(pointer env, int r
if (!pIdleTimeValueLess && !pIdleTimeValueGreater)
return;
- IdleTimeQueryValue(NULL, &idle);
+ IdleTimeQueryValue(IdleTimeCounter, &idle);
if ((pIdleTimeValueGreater &&
XSyncValueGreaterOrEqual(idle, *pIdleTimeValueGreater)) ||
Reference in New Issue Copy Permalink