From b8ea0ea7a6ef42f3a6b2bbbeaa5f685cabdabc632ee98740c4a2d3d313f31245 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Tue, 18 Oct 2011 19:01:20 +0000 Subject: [PATCH] Accepting request 88616 from home:eeich:branches:X11:XOrg - U_Don-t-call-deleted-Bloxk-WakeupHandler.patch: Don't call deleted Bloxk/WakeupHandler() - this avoids crashes when handlers are unregistered from within a handler which are in the call chain behind the current handler (bnc #723777). - zap_warning_xserver.diff: Fix man page to match changed behavior. OBS-URL: https://build.opensuse.org/request/show/88616 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=356 --- ...n-t-call-deleted-Bloxk-WakeupHandler.patch | 51 +++++++++++++++++++ xorg-x11-server.changes | 15 ++++++ xorg-x11-server.spec | 2 + zap_warning_xserver.diff | 2 +- 4 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 U_Don-t-call-deleted-Bloxk-WakeupHandler.patch diff --git a/U_Don-t-call-deleted-Bloxk-WakeupHandler.patch b/U_Don-t-call-deleted-Bloxk-WakeupHandler.patch new file mode 100644 index 0000000..06c6034 --- /dev/null +++ b/U_Don-t-call-deleted-Bloxk-WakeupHandler.patch @@ -0,0 +1,51 @@ +From: Egbert Eich +Date: Tue Oct 18 20:22:38 2011 +0200 +Subject: [PATCH] Don't call deleted Bloxk/WakeupHandler() +Patch-Mainline: Upstream/2ee85d95 +Git-commit: b93eda251f0b6d0a1601511a55b060604919cc81 +References: bnc #723777 +Signed-off-by: Egbert Eich + +When Block/WakeupHandlers are unregistered from within a handler the +list of handlers is not corrected right away but they are marked as +deleted. +If a deleted handler in the handler list is located after the handler +that calls the unregister function it was still called, as the list was +only corrected after all handlers were processed. This could cause a +crash if the handler got passed a pointer to a data structure which was +no longer existing. +A check for the deleted flag solves this problem. + +Signed-off-by: Egbert Eich +--- + xorg-server-1.10.4/dix/dixutils.c | 10 ++++++---- + 1 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/xorg-server-1.10.4/dix/dixutils.c b/xorg-server-1.10.4/dix/dixutils.c +index 104363b..dd1c318 100644 +--- a/xorg-server-1.10.4/dix/dixutils.c ++++ b/xorg-server-1.10.4/dix/dixutils.c +@@ -386,8 +386,9 @@ BlockHandler(pointer pTimeout, pointer pReadmask) + screenInfo.screens[i]->blockData, + pTimeout, pReadmask); + for (i = 0; i < numHandlers; i++) +- (*handlers[i].BlockHandler) (handlers[i].blockData, +- pTimeout, pReadmask); ++ if (!handlers[i].deleted) ++ (*handlers[i].BlockHandler) (handlers[i].blockData, ++ pTimeout, pReadmask); + if (handlerDeleted) + { + for (i = 0; i < numHandlers;) +@@ -416,8 +417,9 @@ WakeupHandler(int result, pointer pReadmask) + + ++inHandler; + for (i = numHandlers - 1; i >= 0; i--) +- (*handlers[i].WakeupHandler) (handlers[i].blockData, +- result, pReadmask); ++ if (!handlers[i].deleted) ++ (*handlers[i].WakeupHandler) (handlers[i].blockData, ++ result, pReadmask); + for (i = 0; i < screenInfo.numScreens; i++) + (* screenInfo.screens[i]->WakeupHandler)(i, + screenInfo.screens[i]->wakeupData, diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index 0618041..603ea00 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Oct 18 18:38:41 UTC 2011 - eich@suse.com + +- U_Don-t-call-deleted-Bloxk-WakeupHandler.patch: + Don't call deleted Bloxk/WakeupHandler() - this avoids + crashes when handlers are unregistered from within a handler + which are in the call chain behind the current handler + (bnc #723777). + +------------------------------------------------------------------- +Tue Oct 18 06:42:32 UTC 2011 - eich@suse.com + +- zap_warning_xserver.diff: + Fix man page to match changed behavior. + ------------------------------------------------------------------- Tue Sep 6 15:55:01 UTC 2011 - sndirsch@suse.com diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index dfcf88a..231f1b2 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -93,6 +93,7 @@ Patch211: 0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch Patch213: xorg-server-xdmcp.patch Patch220: Use-external-tool-for-creating-backtraces-on-crashes.patch Patch222: sync-fix.patch +Patch223: U_Don-t-call-deleted-Bloxk-WakeupHandler.patch %description This package contains the X.Org Server. @@ -200,6 +201,7 @@ popd # Disable backtrace generation patch for now #%patch220 -p1 %patch222 -p1 +%patch223 -p2 %build pushd xorg-docs-* diff --git a/zap_warning_xserver.diff b/zap_warning_xserver.diff index 9b24c3f..783243b 100644 --- a/zap_warning_xserver.diff +++ b/zap_warning_xserver.diff @@ -98,7 +98,7 @@ Index: xorg-server-1.6.3.901/hw/xfree86/common/xf86Config.c Default: off. .TP 7 +.BI "Option \*qZapWarning\*q \*q" boolean \*q -+This warns the user loudly when the ++This warns the user audibly when the +.B Ctrl+Alt+Backspace +sequence is pressed for the first time but still terminates the __xservername__ +server when this key-sequence is pressed again shortly after.