forked from pool/xorg-x11-server
Accepting request 833405 from X11:XOrg
OBS-URL: https://build.opensuse.org/request/show/833405 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=386
This commit is contained in:
commit
0a637bda56
33
U_xfree86_take_second_ref_for_xcursor.patch
Normal file
33
U_xfree86_take_second_ref_for_xcursor.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 919f1f46fc67dae93b2b3f278fcbfc77af34ec58 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
|
||||
Date: Mon, 31 Aug 2020 12:10:43 +0200
|
||||
Subject: [PATCH] xfree86: Take second reference for SavedCursor in
|
||||
xf86CursorSetCursor
|
||||
|
||||
The same pointer is kept in CurrentCursor as well, therefore two
|
||||
RefCursor calls are needed.
|
||||
|
||||
Fixes use-after-free after switching VTs.
|
||||
|
||||
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1067
|
||||
---
|
||||
hw/xfree86/ramdac/xf86CursorRD.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/xfree86/ramdac/xf86CursorRD.c b/hw/xfree86/ramdac/xf86CursorRD.c
|
||||
index 9aa3de97b..c8362d169 100644
|
||||
--- a/hw/xfree86/ramdac/xf86CursorRD.c
|
||||
+++ b/hw/xfree86/ramdac/xf86CursorRD.c
|
||||
@@ -334,6 +334,9 @@ xf86CursorSetCursor(DeviceIntPtr pDev, ScreenPtr pScreen, CursorPtr pCurs,
|
||||
ScreenPriv->HotY = cursor->bits->yhot;
|
||||
|
||||
if (!infoPtr->pScrn->vtSema) {
|
||||
+ cursor = RefCursor(cursor);
|
||||
+ if (ScreenPriv->SavedCursor)
|
||||
+ FreeCursor(ScreenPriv->SavedCursor, None);
|
||||
ScreenPriv->SavedCursor = cursor;
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.28.0
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 9 18:50:37 UTC 2020 - Michael Gorse <mgorse@suse.com>
|
||||
|
||||
-Add U_xfree86_take_second_ref_for_xcursor.patch: fix
|
||||
use-after-free when switching VTs.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 27 19:29:29 UTC 2020 - bjorn.lie@gmail.com
|
||||
|
||||
|
@ -249,6 +249,7 @@ Patch1503: u_xfree86-Do-not-claim-pci-slots-if-fb-slot-is-already.patch
|
||||
Patch1505: U_xwayland-Allow-passing-a-fd.patch
|
||||
|
||||
Patch1600: U_glamor_egl-Reject-OpenGL-2.1-early-on.patch
|
||||
Patch1700: U_xfree86_take_second_ref_for_xcursor.patch
|
||||
|
||||
%description
|
||||
This package contains the X.Org Server.
|
||||
@ -398,6 +399,7 @@ sh %{SOURCE92} --verify . %{SOURCE91}
|
||||
%patch1503 -p1
|
||||
%patch1505 -p1
|
||||
%patch1600 -p1
|
||||
%patch1700 -p1
|
||||
|
||||
%build
|
||||
%define _lto_cflags %{nil}
|
||||
|
Loading…
Reference in New Issue
Block a user