/[gentoo-x86]/x11-base/xorg-server/files/0.99.1-r10_CAN-2005-2495.patch
Gentoo

Contents of /x11-base/xorg-server/files/0.99.1-r10_CAN-2005-2495.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations) (download)
Sun Oct 16 20:04:43 2005 UTC (8 years, 11 months ago) by spyderous
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Pull old ebuilds.
(Portage version: 2.0.53_rc5)

1 diff -urN afb/afbpixmap.c afb/afbpixmap.c
2 --- afb/afbpixmap.c 2005-08-26 15:35:33.000000000 -0400
3 +++ afb/afbpixmap.c 2005-08-26 14:09:24.000000000 -0400
4 @@ -77,10 +77,14 @@
5 int depth;
6 {
7 PixmapPtr pPixmap;
8 - int datasize;
9 - int paddedWidth;
10 + size_t datasize;
11 + size_t paddedWidth;
12
13 paddedWidth = BitmapBytePad(width);
14 +
15 + if (paddedWidth > 32767 || height > 32767)
16 + return NullPixmap;
17 +
18 datasize = height * paddedWidth * depth;
19 pPixmap = AllocatePixmap(pScreen, datasize);
20 if (!pPixmap)
21 diff -urN cfb/cfbpixmap.c cfb/cfbpixmap.c
22 --- cfb/cfbpixmap.c 2005-08-26 15:35:33.000000000 -0400
23 +++ cfb/cfbpixmap.c 2005-08-26 14:10:14.000000000 -0400
24 @@ -68,10 +68,14 @@
25 int depth;
26 {
27 PixmapPtr pPixmap;
28 - int datasize;
29 - int paddedWidth;
30 + size_t datasize;
31 + size_t paddedWidth;
32
33 paddedWidth = PixmapBytePad(width, depth);
34 +
35 + if (paddedWidth > 32767 || height > 32767)
36 + return NullPixmap;
37 +
38 datasize = height * paddedWidth;
39 pPixmap = AllocatePixmap(pScreen, datasize);
40 if (!pPixmap)
41 diff -urN dix/dispatch.c dix/dispatch.c
42 --- dix/dispatch.c 2004-12-12 20:23:05.000000000 -0500
43 +++ dix/dispatch.c 2005-08-26 14:13:37.000000000 -0400
44 @@ -1506,6 +1506,23 @@
45 client->errorValue = 0;
46 return BadValue;
47 }
48 + if (stuff->width > 32767 || stuff->height > 32767)
49 + {
50 + /* It is allowed to try and allocate a pixmap which is larger than
51 + * 32767 in either dimension. However, all of the framebuffer code
52 + * is buggy and does not reliably draw to such big pixmaps, basically
53 + * because the Region data structure operates with signed shorts for
54 + * the rectangles in it.
55 + *
56 + * Furthermore, several places in the X server compute the size in
57 + * bytes of the pixmap and try to store it in an integer. This
58 + * integer can overflow and cause the allocated size to be much
59 + * smaller.
60 + *
61 + * So, such big pixmaps are rejected here with a BadAlloc
62 + */
63 + return BadAlloc;
64 + }
65 if (stuff->depth != 1)
66 {
67 pDepth = pDraw->pScreen->allowedDepths;
68 diff -urN fb/fbpixmap.c fb/fbpixmap.c
69 --- fb/fbpixmap.c 2004-08-08 23:40:50.000000000 -0400
70 +++ fb/fbpixmap.c 2005-08-26 14:14:49.000000000 -0400
71 @@ -32,12 +32,16 @@
72 fbCreatePixmapBpp (ScreenPtr pScreen, int width, int height, int depth, int bpp)
73 {
74 PixmapPtr pPixmap;
75 - int datasize;
76 - int paddedWidth;
77 + size_t datasize;
78 + size_t paddedWidth;
79 int adjust;
80 int base;
81
82 paddedWidth = ((width * bpp + FB_MASK) >> FB_SHIFT) * sizeof (FbBits);
83 +
84 + if (paddedWidth > 32767 || height > 32767)
85 + return NullPixmap;
86 +
87 datasize = height * paddedWidth;
88 #ifdef PIXPRIV
89 base = pScreen->totalPixmapSize;
90 diff -urN hw/xfree86/xaa/xaaInit.c hw/xfree86/xaa/xaaInit.c
91 --- hw/xfree86/xaa/xaaInit.c 2004-07-30 16:30:56.000000000 -0400
92 +++ hw/xfree86/xaa/xaaInit.c 2005-08-26 14:16:30.000000000 -0400
93 @@ -499,6 +499,9 @@
94 PixmapPtr pPix = NULL;
95 int size = w * h;
96
97 + if (w > 32767 || h > 32767)
98 + return NullPixmap;
99 +
100 if (!infoRec->offscreenDepthsInitialized)
101 XAAInitializeOffscreenDepths (pScreen);
102
103 diff -urN hw/xfree86/xf4bpp/ppcPixmap.c hw/xfree86/xf4bpp/ppcPixmap.c
104 --- hw/xfree86/xf4bpp/ppcPixmap.c 2004-04-23 15:54:17.000000000 -0400
105 +++ hw/xfree86/xf4bpp/ppcPixmap.c 2005-08-26 14:17:29.000000000 -0400
106 @@ -85,14 +85,18 @@
107 int depth ;
108 {
109 register PixmapPtr pPixmap = (PixmapPtr)NULL;
110 - int size ;
111 + size_t size ;
112
113 TRACE(("xf4bppCreatePixmap(pScreen=0x%x, width=%d, height=%d, depth=%d)\n", pScreen, width, height, depth)) ;
114
115 if ( depth > 8 )
116 - return (PixmapPtr) NULL ;
117 + return (PixmapPtr) NULL ;
118 +
119 + if (width > 32767 || height > 32767)
120 + return (PixmapPtr) NULL ;
121
122 size = PixmapBytePad(width, depth);
123 +
124 pPixmap = AllocatePixmap (pScreen, (height * size));
125
126 if ( !pPixmap )
127 diff -urN mfb/mfbpixmap.c mfb/mfbpixmap.c
128 --- mfb/mfbpixmap.c 2003-11-14 11:48:57.000000000 -0500
129 +++ mfb/mfbpixmap.c 2005-08-26 15:34:32.000000000 -0400
130 @@ -72,11 +72,15 @@
131 int depth;
132 {
133 PixmapPtr pPixmap;
134 - int datasize;
135 - int paddedWidth;
136 + size_t datasize;
137 + size_t paddedWidth;
138
139 if (depth != 1)
140 return NullPixmap;
141 +
142 + if (width > 32767 || height > 32767)
143 + return NullPixmap;
144 +
145 paddedWidth = BitmapBytePad(width);
146 datasize = height * paddedWidth;
147 pPixmap = AllocatePixmap(pScreen, datasize);

  ViewVC Help
Powered by ViewVC 1.1.20