From: Xavier Boudet Date: Thu, 30 Aug 2012 12:59:01 +0000 (+0200) Subject: Merge branch 'ubuntu' X-Git-Url: https://git.ti.com/gitweb?p=glsdk%2Fxserver.git;a=commitdiff_plain;h=f537615d5940cf5d604a3e127e5fef527d8b3120;hp=ac60fde4aa1a757f54989ad89cbdc2fad15ffd61 Merge branch 'ubuntu' Conflicts: debian/changelog debian/patches/series --- diff --git a/debian/changelog b/debian/changelog index c673348..6ca7701 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,21 +1,11 @@ -xorg-server (2:1.11.4-0ubuntu10.7+ti2.0) precise; urgency=low +xorg-server (2:1.11.4-0ubuntu10.8) precise-proposed; urgency=low - [Ricardo Salveti de Araujo ] - * debian/patches/111_armel-drv-fallbacks.patch: - - Refresh patch to also include the omap driver together with pvr * Add upstream patches to avoid seg fault in case the user is running with multiple screens and xrandr is only enabled at one (LP: #1015292): - - 516-randr-first-check-pScrPriv-before-using-the-pointer.patch - - 517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch - - -- Xavier Boudet Tue, 21 Aug 2012 16:51:11 +0200 - -xorg-server (2:1.11.4-0ubuntu10.7+ti1.0) precise; urgency=low - - * Rebased dri2video support on 0ubuntu10.7 - * Add patches for driver to handle the transform + - 229_randr_first_check_pScrPriv_before_using_the_pointer.patch + - 230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch - -- Xavier Boudet Tue, 07 Aug 2012 11:06:32 +0200 + -- Ricardo Salveti de Araujo Thu, 19 Jul 2012 22:57:12 -0300 xorg-server (2:1.11.4-0ubuntu10.7) precise-proposed; urgency=low diff --git a/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch b/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch new file mode 100644 index 0000000..8c9cf71 --- /dev/null +++ b/debian/patches/229_randr_first_check_pScrPriv_before_using_the_pointer.patch @@ -0,0 +1,30 @@ +From 32603f57ca03b6390b109960f8bb5ea53ac95ecb Mon Sep 17 00:00:00 2001 +From: Ricardo Salveti de Araujo +Date: Thu, 21 Jun 2012 00:55:53 -0300 +Subject: [PATCH] randr: first check pScrPriv before using the pointer at + RRFirstOutput + +Fix a seg fault in case pScrPriv is NULL at ProcRRGetScreenInfo, +which later calls RRFirstOutput. + +Signed-off-by: Ricardo Salveti de Araujo +Reviewed-by: Keith Packard +Signed-off-by: Keith Packard +--- + randr/randr.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: xorg-server-1.11.4/randr/randr.c +=================================================================== +--- xorg-server-1.11.4.orig/randr/randr.c 2012-07-17 18:46:06.000000000 -0300 ++++ xorg-server-1.11.4/randr/randr.c 2012-07-17 18:48:35.169824448 -0300 +@@ -454,6 +454,9 @@ + rrScrPriv(pScreen); + RROutputPtr output; + int i, j; ++ ++ if (!pScrPriv) ++ return NULL; + + if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc) + return pScrPriv->primaryOutput; diff --git a/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch b/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch new file mode 100644 index 0000000..e37d073 --- /dev/null +++ b/debian/patches/230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch @@ -0,0 +1,52 @@ +From 855003c333a0ead1db912695bc9705ef2b3144b4 Mon Sep 17 00:00:00 2001 +From: Keith Packard +Date: Thu, 21 Jun 2012 18:45:18 -0700 +Subject: [PATCH] randr: Catch two more potential unset rrScrPriv uses + +Ricardo Salveti found one place where the +randr code could use the randr screen private data without checking +for null first. This happens when the X server is running with +multiple screens, some of which are randr enabled and some of which +are not. Applications making protocol requests to the non-randr +screens can cause segfaults where the server touches the unset private +structure. + +I audited the code and found two more possible problem spots; the +trick to auditing for this issue was to look for functions not taking +a RandR data structure and where there was no null screen private +check above them in the call graph. + +Signed-off-by: Keith Packard +--- + randr/rroutput.c | 3 ++- + randr/rrscreen.c | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/randr/rroutput.c b/randr/rroutput.c +index 091e06b..fbd0e32 100644 +--- a/randr/rroutput.c ++++ b/randr/rroutput.c +@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client) + } + + pScrPriv = rrGetScrPriv(pWin->drawable.pScreen); +- RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output); ++ if (pScrPriv) ++ RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output); + + return Success; + } +diff --git a/randr/rrscreen.c b/randr/rrscreen.c +index f570afa..55110e0 100644 +--- a/randr/rrscreen.c ++++ b/randr/rrscreen.c +@@ -261,6 +261,9 @@ + + pScreen = pWin->drawable.pScreen; + pScrPriv = rrGetScrPriv(pScreen); ++ if (!pScrPriv) ++ return BadMatch; ++ + if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) + { + client->errorValue = stuff->width; diff --git a/debian/patches/series b/debian/patches/series index 325ccbe..14910e7 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -32,13 +32,14 @@ 226_fall_back_to_autoconfiguration.patch 227_null_ptr_midispcur.patch 228_log-format-fix.patch +229_randr_first_check_pScrPriv_before_using_the_pointer.patch +230_randr_catch_two_more_potential_unset_rrScrPriv_uses.patch ## Input Stack Patches (from xserver 1.12) ## 500_pointer_barrier_thresholds.diff 505_query_pointer_touchscreen.patch 506_touchscreen_pointer_emulation_checks.patch 507_touchscreen_fixes.patch - # Patch 508 attempted to fix LP: #968845, but caused regression # crash bug #1009629. Patches 510-515 attempted to fix that # regression, but this led to the severe crash bug #1021517. @@ -56,6 +57,3 @@ 1001-xfree86-modes-Let-the-driver-handle-the-transform.patch 1002-xfree86-modes-Make-cursor-position-transform-a-helpe.patch -# Upstream patches -516-randr-first-check-pScrPriv-before-using-the-pointer.patch -517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch