forked from pool/xorg-x11-server
Accepting request 210810 from home:michalsrb:branches:X11:XOrg
- u_exa-only-draw-valid-trapezoids.patch * Fix possible x server crash using invalid trapezoids. (bnc#853846 CVE-2013-6424) OBS-URL: https://build.opensuse.org/request/show/210810 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=482
This commit is contained in:
parent
63af0702ac
commit
3918e2962c
33
u_exa-only-draw-valid-trapezoids.patch
Normal file
33
u_exa-only-draw-valid-trapezoids.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
Author: Maarten Lankhorst <maarten.lankhorst@canonical.com>
|
||||||
|
Subject: exa: only draw valid trapezoids
|
||||||
|
Patch-Mainline: To be upstreamed
|
||||||
|
References: bnc#853846 CVE-2013-6424
|
||||||
|
Signed-off-by: Michal Srb <msrb@suse.com>
|
||||||
|
|
||||||
|
diff --git a/exa/exa_render.c b/exa/exa_render.c
|
||||||
|
index 172e2b5..807eeba 100644
|
||||||
|
--- a/exa/exa_render.c
|
||||||
|
+++ b/exa/exa_render.c
|
||||||
|
@@ -1141,7 +1141,8 @@ exaTrapezoids(CARD8 op, PicturePtr pSrc, PicturePtr pDst,
|
||||||
|
|
||||||
|
exaPrepareAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
|
||||||
|
for (; ntrap; ntrap--, traps++)
|
||||||
|
- (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
|
||||||
|
+ if (xTrapezoidValid(traps))
|
||||||
|
+ (*ps->RasterizeTrapezoid) (pPicture, traps, -bounds.x1, -bounds.y1);
|
||||||
|
exaFinishAccess(pPicture->pDrawable, EXA_PREPARE_DEST);
|
||||||
|
|
||||||
|
xRel = bounds.x1 + xSrc - xDst;
|
||||||
|
diff --git a/render/picture.h b/render/picture.h
|
||||||
|
index c85353a..fcd6401 100644
|
||||||
|
--- a/render/picture.h
|
||||||
|
+++ b/render/picture.h
|
||||||
|
@@ -211,7 +211,7 @@ typedef pixman_fixed_t xFixed;
|
||||||
|
/* whether 't' is a well defined not obviously empty trapezoid */
|
||||||
|
#define xTrapezoidValid(t) ((t)->left.p1.y != (t)->left.p2.y && \
|
||||||
|
(t)->right.p1.y != (t)->right.p2.y && \
|
||||||
|
- (int) ((t)->bottom - (t)->top) > 0)
|
||||||
|
+ ((t)->bottom > (t)->top))
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Standard NTSC luminance conversions:
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 12 14:57:15 UTC 2013 - msrb@suse.com
|
||||||
|
|
||||||
|
- u_exa-only-draw-valid-trapezoids.patch
|
||||||
|
* Fix possible x server crash using invalid trapezoids.
|
||||||
|
(bnc#853846 CVE-2013-6424)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 12 14:27:20 UTC 2013 - eich@suse.com
|
Thu Dec 12 14:27:20 UTC 2013 - eich@suse.com
|
||||||
|
|
||||||
|
@ -128,6 +128,8 @@ Patch102: u_x86emu-include-order.patch
|
|||||||
Patch103: u_randr_allow_rrselectinput_for_providerchange_and_resourcechange_events.patch
|
Patch103: u_randr_allow_rrselectinput_for_providerchange_and_resourcechange_events.patch
|
||||||
Patch104: u_xorg-server-xdmcp.patch
|
Patch104: u_xorg-server-xdmcp.patch
|
||||||
Patch105: ux_xserver_xvfb-randr.patch
|
Patch105: ux_xserver_xvfb-randr.patch
|
||||||
|
# PATCH-FIX-UPSTREAM u_exa-only-draw-valid-trapezoids.patch bnc#853846 msrb@suse.com -- Fixes possible crash of server using invalid trapezoids. 2013-12-12 patch is waiting in mailing list to be upstreamed.
|
||||||
|
Patch106: u_exa-only-draw-valid-trapezoids.patch
|
||||||
|
|
||||||
Patch162: b_cache-xkbcomp-output-for-fast-start-up.patch
|
Patch162: b_cache-xkbcomp-output-for-fast-start-up.patch
|
||||||
Patch211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch
|
Patch211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch
|
||||||
@ -199,6 +201,7 @@ cp %{SOURCE90} .
|
|||||||
%patch103 -p1
|
%patch103 -p1
|
||||||
%patch104 -p1
|
%patch104 -p1
|
||||||
%patch105 -p1
|
%patch105 -p1
|
||||||
|
%patch106 -p1
|
||||||
|
|
||||||
### disabled for now
|
### disabled for now
|
||||||
#%patch162 -p1
|
#%patch162 -p1
|
||||||
|
Loading…
Reference in New Issue
Block a user