From c3db01d2731fe32f03c66a94b675317afca07b3ec73274f7a45bd7a0d753f47a Mon Sep 17 00:00:00 2001
From: Egbert Eich
Date: Wed, 18 May 2016 17:02:36 +0000
Subject: [PATCH] - u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch: Fix crash due to oud of founds screen (boo#980382).
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/Mesa?expand=0&rev=515
---
 Mesa.changes | 6 ++
 Mesa.spec | 2 +
 ...ds-glXGetFBConfigs-fix-screen-bounds.patch | 69 +++++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch
diff --git a/Mesa.changes b/Mesa.changes
index 1e02f45..1239951 100644
--- a/Mesa.changes
+++ b/Mesa.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed May 18 17:01:35 UTC 2016 - eich@suse.com
+
+- u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch:
+ Fix crash due to oud of founds screen (boo#980382).
+
 -------------------------------------------------------------------
 Mon May 9 15:24:00 UTC 2016 - mimi.vx@gmail.com
diff --git a/Mesa.spec b/Mesa.spec
index a5da7a3..c789603 100644
--- a/Mesa.spec
+++ b/Mesa.spec
@@ -69,6 +69,7 @@ Patch17: u_st-va-hardlink-driver-instances-to-gallium_drv_video.patch
 Patch18: n_VDPAU-XVMC-libs-Replace-hardlinks-with-copies.patch
 # Already upstream
 Patch21: n_Define-GLAPIVAR-separate-from-GLAPI.patch
+Patch22: u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch
 BuildRequires: autoconf >= 2.60
 BuildRequires: automake
@@ -562,6 +563,7 @@ rm -rf docs/README.{VMS,WIN32,OS2}
 %patch17 -p1
 %patch18 -p1
 %patch21 -p1
+%patch22 -p1
 %build
 %if 0%{?suse_version} >= 1310
diff --git a/u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch b/u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch
new file mode 100644
index 0000000..3367af6
--- /dev/null
+++ b/u_glxcmds-glXGetFBConfigs-fix-screen-bounds.patch
@@ -0,0 +1,69 @@
+From: Jiri Slaby
+Date: Tue May 17 08:22:42 2016 +0200
+Subject: glxcmds: glXGetFBConfigs, fix screen bounds
+Patch-mainline: Not yet
+Git-repo: git://anongit.freedesktop.org/git/mesa/mesa
+Git-commit: 6aaa258229ec09f84ca51a728e125009ecee2d16
+References: boo#980382
+
+Bounds of screen are 0 (inclusive) and ScreenCount(dpy) (exclusive).
+The upper bound was too high: ScreenCount(dpy) (inclusive).
+
+This causes a crash invoked by java3d which passes down an invalid
+screen:
+6 0x00007f0e5198ba70 in () at /lib64/libc.so.6
+7 0x00007f0e14531e14 in glXGetFBConfigs (dpy=, screen=1, nelements=nelements@entry=0x7f0dab3c522c) at glxcmds.c:1660
+8 0x00007f0e14532f7f in glXChooseFBConfig (dpy=, screen=, attribList=0x7f0dab3c54e0, nitems=0x7f0dab3c535c) at glxcmds.c:1611
+9 0x00007f0e1478d29b in find_S_FBConfigs () at /usr/lib64/libj3dcore-ogl.so
+10 0x00007f0e1478d3dc in find_S_S_FBConfigs () at /usr/lib64/libj3dcore-ogl.so
+11 0x00007f0e1478d567 in find_AA_S_S_FBConfigs () at /usr/lib64/libj3dcore-ogl.so
+12 0x00007f0e1478d728 in find_DB_AA_S_S_FBConfigs () at /usr/lib64/libj3dcore-ogl.so
+13 0x00007f0e1478d97c in Java_javax_media_j3d_X11NativeConfigTemplate3D_chooseOglVisual () at /usr/lib64/libj3dcore-ogl.so
+
+While ScreenCount(dpy) is actually 1:
+(gdb) p dpy->nscreens
+$2 = 1
+screen=1 is passed to glXGetFBConfigs.
+
+Easily reproducible by:
+ #include
+
+ #include
+ #include
+
+ int main()
+ {
+ unsigned a;
+ int n;
+ Display *d = XOpenDisplay(":0");
+ GLXFBConfig *cfg;
+
+ for (a = 0; a <= ScreenCount(d); a++)
+ cfg = glXGetFBConfigs(d, a, &n);
+
+ XCloseDisplay(d);
+
+ return 0;
+ }
+
+Fix this typo in glXGetFBConfigs.
+
+Signed-off-by: Jiri Slaby
+Cc:
+Signed-off-by: Egbert Eich
+---
+ src/glx/glxcmds.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/glx/glxcmds.c b/src/glx/glxcmds.c
+index 63f4921..46bc214 100644
+--- a/src/glx/glxcmds.c
++++ b/src/glx/glxcmds.c
+@@ -1657,7 +1657,7 @@ glXGetFBConfigs(Display * dpy, int screen, int *nelements)
+
+ *nelements = 0;
+ if (priv && (priv->screens != NULL)
+- && (screen >= 0) && (screen <= ScreenCount(dpy))
++ && (screen >= 0) && (screen < ScreenCount(dpy))
+ && (priv->screens[screen]->configs != NULL)
+ && (priv->screens[screen]->configs->fbconfigID
+ != (int) GLX_DONT_CARE)) {
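Review bot: The corrected condition in glXGetFBConfigs still evaluates `priv->screens[screen]->configs` without first checking that the per-screen pointer itself is non-NULL, so an in-range index whose entry was never populated would fault just as the out-of-range index did; whether an entry can be NULL depends on the screen setup code, which is outside this hunk. Consider adding `&& (priv->screens[screen] != NULL)` directly after the `screen < ScreenCount(dpy)` test. The strict bound also assumes `priv->screens` holds exactly ScreenCount(dpy) entries, which the hunk does not show; a short comment such as `/* screen is caller-supplied; valid indices are 0 .. ScreenCount(dpy) - 1 */` above the condition would record why the comparison must not be `<=`. The function body continues past the end of the hunk.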