forked from pool/xorg-x11-server
- Update to version 1.17.4:
Minor brown-bag release. The important fix here is Martin's clientsWritable change which fixes a crash when built against xproto 7.0.28. - supersedes u_0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=588
This commit is contained in:
parent
052cb7e1e2
commit
79b9f70dc6
@ -1,63 +0,0 @@
|
|||||||
From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Martin Peres <martin.peres@linux.intel.com>
|
|
||||||
Date: Fri, 17 Jul 2015 17:21:26 +0300
|
|
||||||
Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized
|
|
||||||
before use
|
|
||||||
|
|
||||||
In WaitForSomething(), the fd_set clientsWritable may be used unitialized when
|
|
||||||
the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to
|
|
||||||
a crash in FlushAllOutput() after x11proto's commit
|
|
||||||
2c94cdb453bc641246cc8b9a876da9799bee1ce7.
|
|
||||||
|
|
||||||
The problem did not manifest before because both the XFD_SIZE and the maximum
|
|
||||||
number of clients were set to 256. As the connectionTranslation table was
|
|
||||||
initalized for the 256 clients to 0, the test on the index not being 0 was
|
|
||||||
aborting before dereferencing the client #0.
|
|
||||||
|
|
||||||
As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE
|
|
||||||
got bumped to 512. This lead the OutputPending fd_set to have any fd above 256
|
|
||||||
to be uninitialized which in turns lead to reading an index after the end of
|
|
||||||
the ConnectionTranslation table. This index would then be used to find the
|
|
||||||
client corresponding to the fd marked as pending writes and would also result
|
|
||||||
to an out-of-bound access which would usually be the fatal one.
|
|
||||||
|
|
||||||
Fix this by zeroing the clientsWritable fd_set at the beginning of
|
|
||||||
WaitForSomething(). In this case, the bottom part of the loop, which would
|
|
||||||
indirectly call FlushAllOutput, will not do any work but the next call to
|
|
||||||
select will result in the execution of the right codepath. This is exactly what
|
|
||||||
we want because we need to know the writable clients before handling them. In
|
|
||||||
the end, it also makes sure that the fds above MaxClient are initialized,
|
|
||||||
preventing the crash in FlushAllOutput().
|
|
||||||
|
|
||||||
Thanks to everyone involved in tracking this one down!
|
|
||||||
|
|
||||||
Reported-by: Karol Herbst <freedesktop@karolherbst.de>
|
|
||||||
Reported-by: Tobias Klausmann <tobias.klausmann@mni.thm.de>
|
|
||||||
Signed-off-by: Martin Peres <martin.peres@linux.intel.com>
|
|
||||||
Tested-by: Martin Peres <martin.peres@linux.intel.com>
|
|
||||||
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316
|
|
||||||
Cc: Ilia Mirkin <imirkin@alum.mit.edu>
|
|
||||||
Cc: Martin Peres <martin.peres@linux.intel.com>
|
|
||||||
Cc: Olivier Fourdan <ofourdan@redhat.com
|
|
||||||
Cc: Adam Jackson <ajax@redhat.com>
|
|
||||||
Cc: Alan Coopersmith <alan.coopersmith@oracle.com
|
|
||||||
Cc: Chris Wilson <chris@chris-wilson.co.uk>
|
|
||||||
---
|
|
||||||
os/WaitFor.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/os/WaitFor.c b/os/WaitFor.c
|
|
||||||
index 431f1a6..993c14e 100644
|
|
||||||
--- a/os/WaitFor.c
|
|
||||||
+++ b/os/WaitFor.c
|
|
||||||
@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady)
|
|
||||||
Bool someReady = FALSE;
|
|
||||||
|
|
||||||
FD_ZERO(&clientsReadable);
|
|
||||||
+ FD_ZERO(&clientsWritable);
|
|
||||||
|
|
||||||
if (nready)
|
|
||||||
SmartScheduleStopTimer();
|
|
||||||
--
|
|
||||||
2.4.5
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:89b5c6b7e7ec4731645283d2178f607825b75a470e76b3ad3cb1c1dbd2456b73
|
|
||||||
size 5790514
|
|
3
xorg-server-1.17.4.tar.bz2
Normal file
3
xorg-server-1.17.4.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:0c4b45c116a812a996eb432d8508cf26c2ec8c3916ff2a50781796882f8d6457
|
||||||
|
size 5791384
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 28 17:32:07 UTC 2015 - sndirsch@suse.com
|
||||||
|
|
||||||
|
- Update to version 1.17.4:
|
||||||
|
Minor brown-bag release. The important fix here is Martin's
|
||||||
|
clientsWritable change which fixes a crash when built against
|
||||||
|
xproto 7.0.28.
|
||||||
|
- supersedes u_0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Oct 28 16:23:39 UTC 2015 - sndirsch@suse.com
|
Wed Oct 28 16:23:39 UTC 2015 - sndirsch@suse.com
|
||||||
|
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
|
|
||||||
Name: xorg-x11-server
|
Name: xorg-x11-server
|
||||||
|
|
||||||
%define dirsuffix 1.17.3
|
%define dirsuffix 1.17.4
|
||||||
|
|
||||||
Summary: X
|
Summary: X
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -192,8 +192,6 @@ Patch1162: b_cache-xkbcomp-output-for-fast-start-up.patch
|
|||||||
Patch1211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch
|
Patch1211: b_0001-Prevent-XSync-Alarms-from-senslessly-calling-CheckTr.patch
|
||||||
Patch1222: b_sync-fix.patch
|
Patch1222: b_sync-fix.patch
|
||||||
|
|
||||||
Patch1300: u_0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the X.Org Server.
|
This package contains the X.Org Server.
|
||||||
|
|
||||||
@ -294,8 +292,6 @@ cp %{SOURCE90} .
|
|||||||
### patch222 might not be applicable anymore
|
### patch222 might not be applicable anymore
|
||||||
#%patch1222 -p1
|
#%patch1222 -p1
|
||||||
|
|
||||||
%patch1300 -p1
|
|
||||||
|
|
||||||
find . -type f \! -name '*.orig' \! -path ./source-file-list > source-file-list
|
find . -type f \! -name '*.orig' \! -path ./source-file-list > source-file-list
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
Loading…
Reference in New Issue
Block a user