From 13446b4f7b33b40d460b07ec13eb9f9073d9413d97ea1b1d18f8be9c8b894198 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Thu, 17 Mar 2011 17:02:04 +0000 Subject: [PATCH] - Replace-malloc-with-calloc-to-initialize-the-buffers.patch * Replace malloc with calloc to initialize the buffers[] as NULL in do_get_buffers function (bnc #673595) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=337 --- ...ith-calloc-to-initialize-the-buffers.patch | 34 +++++++++++++++++++ xorg-x11-server.changes | 7 ++++ xorg-x11-server.spec | 2 ++ 3 files changed, 43 insertions(+) create mode 100644 Replace-malloc-with-calloc-to-initialize-the-buffers.patch diff --git a/Replace-malloc-with-calloc-to-initialize-the-buffers.patch b/Replace-malloc-with-calloc-to-initialize-the-buffers.patch new file mode 100644 index 0000000..a65201b --- /dev/null +++ b/Replace-malloc-with-calloc-to-initialize-the-buffers.patch @@ -0,0 +1,34 @@ +From a73c28f0bdafb1c5cb8129179188a99c0ca052e2 Mon Sep 17 00:00:00 2001 +From: Justin Dou +Date: Thu, 10 Feb 2011 16:27:29 -0500 +Subject: [PATCH] Replace malloc with calloc to initialize the buffers[] as NULL in do_get_buffers function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The calling for allocate_or_reuse_buffer may fail due to some reason, e.g. out of memory. +If the buffers[] were not initialized to be NULL, the following err_out may try to access an illegal memory, which will cause X crash afterward. + +Reviewed-by: Kristian Høgsberg +Signed-off-by: Justin Dou +Signed-off-by: Keith Packard +--- + hw/xfree86/dri2/dri2.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c +index 39996f9..9ca378f 100644 +--- a/hw/xfree86/dri2/dri2.c ++++ b/hw/xfree86/dri2/dri2.c +@@ -403,7 +403,7 @@ do_get_buffers(DrawablePtr pDraw, int *width, int *height, + && (pDraw->height == pPriv->height) + && (pPriv->serialNumber == DRI2DrawableSerial(pDraw)); + +- buffers = malloc((count + 1) * sizeof(buffers[0])); ++ buffers = calloc((count + 1), sizeof(buffers[0])); + + for (i = 0; i < count; i++) { + const unsigned attachment = *(attachments++); +-- +1.7.4.1 + diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index ab54acc..7ab1b22 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Mar 17 16:55:16 UTC 2011 - sndirsch@novell.com + +- Replace-malloc-with-calloc-to-initialize-the-buffers.patch + * Replace malloc with calloc to initialize the buffers[] as NULL + in do_get_buffers function (bnc #673595) + ------------------------------------------------------------------- Thu Mar 17 13:35:55 UTC 2011 - sndirsch@novell.com diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index 190ab45..b3bcab5 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -123,6 +123,7 @@ Patch223: use-last-screen.patch Patch224: pad-size-of-system-memory-copy-for-1x1-pixmaps Patch225: xorg-server-stop-cpu-eating.diff Patch226: record-avoid-crash-when-calling-RecordFlushReplyBuff.patch +Patch227: Replace-malloc-with-calloc-to-initialize-the-buffers.patch %if %moblin Patch300: moblin-use_preferred_mode_for_all_outputs.diff %endif @@ -257,6 +258,7 @@ popd %patch224 -p1 %patch225 -p1 %patch226 -p1 +%patch227 -p1 %if %moblin %patch300 -p1 %endif