Magellan Linux

Annotation of /trunk/xorg-old/patches-6.8.2-r10/9995_all_CAN-2005-2495.patch



Revision 167 - (hide annotations) (download)
Tue May 8 20:58:51 2007 UTC (17 years, 1 month ago) by niro
File size: 7138 byte(s)
-import

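--- a/xc/programs/Xserver/afb/afbpixmap.c
+++ b/xc/programs/Xserver/afb/afbpixmap.c
@@ -77,10 +77,14 @@ afbCreatePixmap(pScreen, width, height,
 int depth;
 {
 PixmapPtr pPixmap;
- int datasize;
- int paddedWidth;
+ size_t datasize;
+ size_t paddedWidth;
 
 paddedWidth = BitmapBytePad(width);
+
+ if (paddedWidth > 32767 || height > 32767 || depth > 4)
+ return NullPixmap;
+
 datasize = height * paddedWidth * depth;
 pPixmap = AllocatePixmap(pScreen, datasize);
 if (!pPixmap)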
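Review bot: The new guard bounds `height` and `depth` only from above, so a negative value passes it and, now that `datasize` is a `size_t`, `height * paddedWidth * depth` converts the negative operand to a very large unsigned number that wraps instead of being rejected. A lower bound closes that: `if (paddedWidth > 32767 || height < 0 || height > 32767 || depth < 0 || depth > 4)`. The same one-sided test appears in the ilbm section (height and depth) and in the cfb, fb, xf4bpp, iplan2p4 and mfb sections (height). Whether any caller can actually pass a negative height is not visible on this page, and the function body continues past the end of the hunk.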
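--- a/xc/programs/Xserver/cfb/cfbpixmap.c
+++ b/xc/programs/Xserver/cfb/cfbpixmap.c
@@ -72,10 +72,13 @@ cfbCreatePixmap (pScreen, width, height,
 int depth;
 {
 PixmapPtr pPixmap;
- int datasize;
- int paddedWidth;
+ size_t datasize;
+ size_t paddedWidth;
 
 paddedWidth = PixmapBytePad(width, depth);
+
+ if (paddedWidth / 4 > 32767 || height > 32767)
+ return NullPixmap;
 datasize = height * paddedWidth;
 pPixmap = AllocatePixmap(pScreen, datasize);
 if (!pPixmap)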
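Review bot: The `/ 4` in `paddedWidth / 4 > 32767` is unexplained, and the reader has to guess that it turns a row size in bytes into a pixel count at an assumed four bytes per pixel. A one-line comment above the check would record that, for example `/* paddedWidth is in bytes; at most 4 bytes per pixel, so this caps the row at 32767 pixels */` (wording to be confirmed against the depths cfb supports). The same divisor is used without comment in the fb, xf4bpp, iplan2p4 and mfb sections.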
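--- a/xc/programs/Xserver/dix/dispatch.c
+++ b/xc/programs/Xserver/dix/dispatch.c
@@ -1483,6 +1483,23 @@ ProcCreatePixmap(register ClientPtr clie
 client->errorValue = 0;
 return BadValue;
 }
+ if (stuff->width > 32767 || stuff->height > 32767)
+ {
+ /* It is allowed to try and allocate a pixmap which is larger than
+ * 32767 in either dimension. However, all of the framebuffer code
+ * is buggy and does not reliably draw to such big pixmaps, basically
+ * because the Region data structure operates with signed shorts
+ * for the rectangles in it.
+ *
+ * Furthermore, several places in the X server computes the
+ * size in bytes of the pixmap and tries to store it in an
+ * integer. This integer can overflow and cause the allocated size
+ * to be much smaller.
+ *
+ * So, such big pixmaps are rejected here with a BadAlloc
+ */
+ return BadAlloc;
+ }
 if (stuff->depth != 1)
 {
 pDepth = pDraw->pScreen->allowedDepths;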
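Review bot: The literal `32767` and its rationale are documented only in this comment, while the same number is repeated bare in every per-framebuffer check in the other sections of this patch. A single shared definition, for example `#define PIXMAP_MAX_DIMENSION 32767` (the name is a suggestion, not an existing macro), placed in a header all of them include would keep the limit and its explanation together and make it harder for one copy to drift. As far as this hunk shows, the guard covers only the core CreatePixmap request, so any other path that reaches a screen's pixmap-creation routine depends on the per-implementation checks.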
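--- a/xc/programs/Xserver/dix/pixmap.c
+++ b/xc/programs/Xserver/dix/pixmap.c
@@ -118,6 +118,9 @@ AllocatePixmap(ScreenPtr pScreen, int pi
 unsigned size;
 int i;
 
+ if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
+ return NullPixmap;
+
 pPixmap = (PixmapPtr)xalloc(pScreen->totalPixmapSize + pixDataSize);
 if (!pPixmap)
 return NullPixmap;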
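Review bot: `pixDataSize` still appears to be an `int` (the hunk header shows the parameter list starting `int pi`, truncated), so the `size_t` values the callers now compute are narrowed on the call and a size above `INT_MAX` can arrive here negative. In `((size_t)-1) - pixDataSize` a negative value converts to a large unsigned one, which makes the right-hand side small rather than forcing a rejection, and the sum passed to `xalloc` is then computed from that negative value. Adding `if (pixDataSize < 0) return NullPixmap;` ahead of the new test would make the intent explicit; widening the parameter to `size_t` is the cleaner fix if the interface may change. The type of `totalPixmapSize` is not visible here, so the exact arithmetic is inferred.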
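--- a/xc/programs/Xserver/fb/fbpixmap.c
+++ b/xc/programs/Xserver/fb/fbpixmap.c
@@ -36,12 +36,14 @@ PixmapPtr
 fbCreatePixmapBpp (ScreenPtr pScreen, int width, int height, int depth, int bpp)
 {
 PixmapPtr pPixmap;
- int datasize;
- int paddedWidth;
+ size_t datasize;
+ size_t paddedWidth;
 int adjust;
 int base;
 
 paddedWidth = ((width * bpp + FB_MASK) >> FB_SHIFT) * sizeof (FbBits);
+ if (paddedWidth / 4 > 32767 || height > 32767)
+ return NullPixmap;
 datasize = height * paddedWidth;
 #ifdef PIXPRIV
 base = pScreen->totalPixmapSize;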
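Review bot: `width * bpp + FB_MASK` is evaluated in `int` before the new check runs, so for a large `width` the product can overflow (undefined behaviour for signed arithmetic) and the value tested by `paddedWidth / 4 > 32767` is already unreliable. Validating the inputs before the computation avoids that: `if (width < 0 || width > 32767 || height < 0 || height > 32767) return NullPixmap;` placed above the `paddedWidth =` line. The function continues past the end of the hunk.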
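--- a/xc/programs/Xserver/hw/xfree86/xaa/xaaInit.c
+++ b/xc/programs/Xserver/hw/xfree86/xaa/xaaInit.c
@@ -502,6 +502,9 @@ XAACreatePixmap(ScreenPtr pScreen, int w
 XAAPixmapPtr pPriv;
 PixmapPtr pPix = NULL;
 int size = w * h;
+
+ if (w > 32767 || h > 32767)
+ return NullPixmap;
 
 if (!infoRec->offscreenDepthsInitialized)
 XAAInitializeOffscreenDepths (pScreen);
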
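Review bot: The initialiser `int size = w * h;` runs before the new `w > 32767 || h > 32767` guard, so the signed multiplication has already overflowed by the time oversized dimensions are rejected. Declaring `int size;` and assigning `size = w * h;` after the guard keeps the product within range, since 32767 * 32767 fits in a 32-bit int. How `size` is used later is outside the hunk.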
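--- a/xc/programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c
+++ b/xc/programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c
@@ -89,7 +89,7 @@ xf4bppCreatePixmap( pScreen, width, heig
 int depth ;
 {
 register PixmapPtr pPixmap = (PixmapPtr)NULL;
- int size ;
+ size_t size ;
 
 TRACE(("xf4bppCreatePixmap(pScreen=0x%x, width=%d, height=%d, depth=%d)\n", pScreen, width, height, depth)) ;
 
@@ -97,6 +97,10 @@ xf4bppCreatePixmap( pScreen, width, heig
 return (PixmapPtr) NULL ;
 
 size = PixmapBytePad(width, depth);
+
+ if (size / 4 > 32767 || height > 32767)
+ return (PixmapPtr) NULL ;
+
 pPixmap = AllocatePixmap (pScreen, (height * size));
 
 if ( !pPixmap )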
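--- a/xc/programs/Xserver/ilbm/ilbmpixmap.c
+++ b/xc/programs/Xserver/ilbm/ilbmpixmap.c
@@ -79,10 +79,12 @@ ilbmCreatePixmap(pScreen, width, height,
 int depth;
 {
 PixmapPtr pPixmap;
- int datasize;
- int paddedWidth;
+ size_t datasize;
+ size_t paddedWidth;
 
 paddedWidth = BitmapBytePad(width);
+ if (paddedWidth > 32767 || height > 32767 || depth > 4)
+ return NullPixmap;
 datasize = height * paddedWidth * depth;
 pPixmap = AllocatePixmap(pScreen, datasize);
 if (!pPixmap)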
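--- a/xc/programs/Xserver/iplan2p4/iplpixmap.c
+++ b/xc/programs/Xserver/iplan2p4/iplpixmap.c
@@ -78,12 +78,14 @@ iplCreatePixmap (pScreen, width, height,
 int depth;
 {
 PixmapPtr pPixmap;
- int datasize;
- int paddedWidth;
+ size_t datasize;
+ size_t paddedWidth;
 int ipad=INTER_PLANES*2 - 1;
 
 paddedWidth = PixmapBytePad(width, depth);
 paddedWidth = (paddedWidth + ipad) & ~ipad;
+ if (paddedWidth / 4 > 32767 || height > 32767)
+ return NullPixmap;
 datasize = height * paddedWidth;
 pPixmap = AllocatePixmap(pScreen, datasize);
 if (!pPixmap)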
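Review bot: The round-up `paddedWidth = (paddedWidth + ipad) & ~ipad;` is now done in `size_t` before anything has been validated, so if `PixmapBytePad` returns a negative `int` the converted value sits just below the top of the range and adding `ipad` can wrap it to a small number that then passes `paddedWidth / 4 > 32767`. Testing the raw value first, by moving `if (paddedWidth / 4 > 32767 || height > 32767) return NullPixmap;` to directly after the `PixmapBytePad` line, removes the wrap. Whether a negative width can reach this function, and the value of `INTER_PLANES`, are not visible on this page.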
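--- a/xc/programs/Xserver/mfb/mfbpixmap.c
+++ b/xc/programs/Xserver/mfb/mfbpixmap.c
@@ -75,12 +75,14 @@ mfbCreatePixmap (pScreen, width, height,
 int depth;
 {
 PixmapPtr pPixmap;
- int datasize;
- int paddedWidth;
+ size_t datasize;
+ size_t paddedWidth;
 
 if (depth != 1)
 return NullPixmap;
 paddedWidth = BitmapBytePad(width);
+ if (paddedWidth / 4 > 32767 || height > 32767)
+ return NullPixmap;
 datasize = height * paddedWidth;
 pPixmap = AllocatePixmap(pScreen, datasize);
 if (!pPixmap)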
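Review bot: This check divides a `BitmapBytePad(width)` result by 4, whereas the afb and ilbm sections compare the same macro's result to 32767 directly, so implementations that share the macro enforce different width limits. If `BitmapBytePad` yields bytes per row, `paddedWidth / 4 > 32767` admits rows far wider than the 32767-pixel limit that the dispatch.c comment gives as the reason for the patch. Using `if (paddedWidth > 32767 || height > 32767)` would at least make the three agree; the unit of `BitmapBytePad` is assumed here and should be confirmed.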