Magellan Linux

  • Back to homepage
    • /[pkg-src]/trunk/xorg-old/patches-6.8.2-r10/9995_all_CAN-2005-2495.patch

    Contents of /trunk/xorg-old/patches-6.8.2-r10/9995_all_CAN-2005-2495.patch

    Parent Directory Parent Directory | Revision Log Revision Log

    Revision 167 - (show annotations) (download)
    Tue May 8 20:58:51 2007 UTC (17 years ago) by niro
    File size: 7138 byte(s) 
    -import
    1 diff -urN xc.orig/programs/Xserver/afb/afbpixmap.c xc/programs/Xserver/afb/afbpixmap.c
    2 --- xc.orig/programs/Xserver/afb/afbpixmap.c 3 Jul 2005 07:01:14 -0000 1.5
    3 +++ xc/programs/Xserver/afb/afbpixmap.c 26 Aug 2005 19:58:29 -0000
    4 @@ -77,10 +77,14 @@ afbCreatePixmap(pScreen, width, height,
    5 int depth;
    6 {
    7 PixmapPtr pPixmap;
    8 - int datasize;
    9 - int paddedWidth;
    10 + size_t datasize;
    11 + size_t paddedWidth;
    12
    13 paddedWidth = BitmapBytePad(width);
    14 +
    15 + if (paddedWidth > 32767 || height > 32767 || depth > 4)
    16 + return NullPixmap;
    17 +
    18 datasize = height * paddedWidth * depth;
    19 pPixmap = AllocatePixmap(pScreen, datasize);
    20 if (!pPixmap)
    21 diff -urN xc.orig/programs/Xserver/cfb/cfbpixmap.c xc/programs/Xserver/cfb/cfbpixmap.c
    22 --- xc.orig/programs/Xserver/cfb/cfbpixmap.c 3 Jul 2005 07:01:15 -0000 1.5
    23 +++ xc/programs/Xserver/cfb/cfbpixmap.c 26 Aug 2005 19:58:29 -0000
    24 @@ -72,10 +72,13 @@ cfbCreatePixmap (pScreen, width, height,
    25 int depth;
    26 {
    27 PixmapPtr pPixmap;
    28 - int datasize;
    29 - int paddedWidth;
    30 + size_t datasize;
    31 + size_t paddedWidth;
    32
    33 paddedWidth = PixmapBytePad(width, depth);
    34 +
    35 + if (paddedWidth / 4 > 32767 || height > 32767)
    36 + return NullPixmap;
    37 datasize = height * paddedWidth;
    38 pPixmap = AllocatePixmap(pScreen, datasize);
    39 if (!pPixmap)
    40 diff -urN xc.orig/programs/Xserver/dix/dispatch.c xc/programs/Xserver/dix/dispatch.c
    41 --- xc.orig/programs/Xserver/dix/dispatch.c 16 Jul 2005 20:52:25 -0000 1.12
    42 +++ xc/programs/Xserver/dix/dispatch.c 26 Aug 2005 19:58:30 -0000
    43 @@ -1483,6 +1483,23 @@ ProcCreatePixmap(register ClientPtr clie
    44 client->errorValue = 0;
    45 return BadValue;
    46 }
    47 + if (stuff->width > 32767 || stuff->height > 32767)
    48 + {
    49 + /* It is allowed to try and allocate a pixmap which is larger than
    50 + * 32767 in either dimension. However, all of the framebuffer code
    51 + * is buggy and does not reliably draw to such big pixmaps, basically
    52 + * because the Region data structure operates with signed shorts
    53 + * for the rectangles in it.
    54 + *
    55 + * Furthermore, several places in the X server computes the
    56 + * size in bytes of the pixmap and tries to store it in an
    57 + * integer. This integer can overflow and cause the allocated size
    58 + * to be much smaller.
    59 + *
    60 + * So, such big pixmaps are rejected here with a BadAlloc
    61 + */
    62 + return BadAlloc;
    63 + }
    64 if (stuff->depth != 1)
    65 {
    66 pDepth = pDraw->pScreen->allowedDepths;
    67 diff -urN xc.orig/programs/Xserver/dix/pixmap.c
    68 --- xc.orig/programs/Xserver/dix/pixmap.c 3 Jul 2005 08:53:38 -0000 1.7
    69 +++ xc/programs/Xserver/dix/pixmap.c 26 Aug 2005 19:58:30 -0000
    70 @@ -118,6 +118,9 @@ AllocatePixmap(ScreenPtr pScreen, int pi
    71 unsigned size;
    72 int i;
    73
    74 + if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
    75 + return NullPixmap;
    76 +
    77 pPixmap = (PixmapPtr)xalloc(pScreen->totalPixmapSize + pixDataSize);
    78 if (!pPixmap)
    79 return NullPixmap;
    80 diff -urN xc.orig/programs/Xserver/fb/fbpixmap.c xc/programs/Xserver/fb/fbpixmap.c
    81 --- xc.orig/programs/Xserver/fb/fbpixmap.c 3 Jul 2005 07:01:23 -0000 1.5
    82 +++ xc/programs/Xserver/fb/fbpixmap.c 26 Aug 2005 19:58:30 -0000
    83 @@ -36,12 +36,14 @@ PixmapPtr
    84 fbCreatePixmapBpp (ScreenPtr pScreen, int width, int height, int depth, int bpp)
    85 {
    86 PixmapPtr pPixmap;
    87 - int datasize;
    88 - int paddedWidth;
    89 + size_t datasize;
    90 + size_t paddedWidth;
    91 int adjust;
    92 int base;
    93
    94 paddedWidth = ((width * bpp + FB_MASK) >> FB_SHIFT) * sizeof (FbBits);
    95 + if (paddedWidth / 4 > 32767 || height > 32767)
    96 + return NullPixmap;
    97 datasize = height * paddedWidth;
    98 #ifdef PIXPRIV
    99 base = pScreen->totalPixmapSize;
    100 diff -urN xc.orig/programs/Xserver/hw/xfree86/xaa/xaaInit.c xc/programs/Xserver/hw/xfree86/xaa/xaaInit.c
    101 --- xc.orig/programs/Xserver/hw/xfree86/xaa/xaaInit.c 3 Jul 2005 08:53:49 -0000 1.7
    102 +++ xc/programs/Xserver/hw/xfree86/xaa/xaaInit.c 26 Aug 2005 19:58:31 -0000
    103 @@ -502,6 +502,9 @@ XAACreatePixmap(ScreenPtr pScreen, int w
    104 XAAPixmapPtr pPriv;
    105 PixmapPtr pPix = NULL;
    106 int size = w * h;
    107 +
    108 + if (w > 32767 || h > 32767)
    109 + return NullPixmap;
    110
    111 if (!infoRec->offscreenDepthsInitialized)
    112 XAAInitializeOffscreenDepths (pScreen);
    113
    114 diff -urN xc.orig/programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c xc/programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c
    115 --- xc.orig/programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c 3 Jul 2005 07:01:41 -0000 1.3
    116 +++ xc/programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c 26 Aug 2005 19:58:31 -0000
    117 @@ -89,7 +89,7 @@ xf4bppCreatePixmap( pScreen, width, heig
    118 int depth ;
    119 {
    120 register PixmapPtr pPixmap = (PixmapPtr)NULL;
    121 - int size ;
    122 + size_t size ;
    123
    124 TRACE(("xf4bppCreatePixmap(pScreen=0x%x, width=%d, height=%d, depth=%d)\n", pScreen, width, height, depth)) ;
    125
    126 @@ -97,6 +97,10 @@ xf4bppCreatePixmap( pScreen, width, heig
    127 return (PixmapPtr) NULL ;
    128
    129 size = PixmapBytePad(width, depth);
    130 +
    131 + if (size / 4 > 32767 || height > 32767)
    132 + return (PixmapPtr) NULL ;
    133 +
    134 pPixmap = AllocatePixmap (pScreen, (height * size));
    135
    136 if ( !pPixmap )
    137 diff -urN xc.orig/programs/Xserver/ilbm/ilbmpixmap.c xc/programs/Xserver/ilbm/ilbmpixmap.c
    138 --- xc.orig/programs/Xserver/ilbm/ilbmpixmap.c 3 Jul 2005 07:01:44 -0000 1.4
    139 +++ xc/programs/Xserver/ilbm/ilbmpixmap.c 26 Aug 2005 19:58:31 -0000
    140 @@ -79,10 +79,12 @@ ilbmCreatePixmap(pScreen, width, height,
    141 int depth;
    142 {
    143 PixmapPtr pPixmap;
    144 - int datasize;
    145 - int paddedWidth;
    146 + size_t datasize;
    147 + size_t paddedWidth;
    148
    149 paddedWidth = BitmapBytePad(width);
    150 + if (paddedWidth > 32767 || height > 32767 || depth > 4)
    151 + return NullPixmap;
    152 datasize = height * paddedWidth * depth;
    153 pPixmap = AllocatePixmap(pScreen, datasize);
    154 if (!pPixmap)
    155 diff -urN xc.orig/programs/Xserver/iplan2p4/iplpixmap.c xc/programs/Xserver/iplan2p4/iplpixmap.c
    156 --- xc.orig/programs/Xserver/iplan2p4/iplpixmap.c 3 Jul 2005 07:01:46 -0000 1.4
    157 +++ xc/programs/Xserver/iplan2p4/iplpixmap.c 26 Aug 2005 19:58:31 -0000
    158 @@ -78,12 +78,14 @@ iplCreatePixmap (pScreen, width, height,
    159 int depth;
    160 {
    161 PixmapPtr pPixmap;
    162 - int datasize;
    163 - int paddedWidth;
    164 + size_t datasize;
    165 + size_t paddedWidth;
    166 int ipad=INTER_PLANES*2 - 1;
    167
    168 paddedWidth = PixmapBytePad(width, depth);
    169 paddedWidth = (paddedWidth + ipad) & ~ipad;
    170 + if (paddedWidth / 4 > 32767 || height > 32767)
    171 + return NullPixmap;
    172 datasize = height * paddedWidth;
    173 pPixmap = AllocatePixmap(pScreen, datasize);
    174 if (!pPixmap)
    175 diff -urN xc.orig/programs/Xserver/mfb/mfbpixmap.c xc/programs/Xserver/mfb/mfbpixmap.c
    176 --- xc.orig/programs/Xserver/mfb/mfbpixmap.c 3 Jul 2005 07:01:50 -0000 1.4
    177 +++ xc/programs/Xserver/mfb/mfbpixmap.c 26 Aug 2005 19:58:31 -0000
    178 @@ -75,12 +75,14 @@ mfbCreatePixmap (pScreen, width, height,
    179 int depth;
    180 {
    181 PixmapPtr pPixmap;
    182 - int datasize;
    183 - int paddedWidth;
    184 + size_t datasize;
    185 + size_t paddedWidth;
    186
    187 if (depth != 1)
    188 return NullPixmap;
    189 paddedWidth = BitmapBytePad(width);
    190 + if (paddedWidth / 4 > 32767 || height > 32767)
    191 + return NullPixmap;
    192 datasize = height * paddedWidth;
    193 pPixmap = AllocatePixmap(pScreen, datasize);
    194 if (!pPixmap)