Diffstat (limited to 'extra/xorg-server/git-fixes.patch')
-rw-r--r-- | extra/xorg-server/git-fixes.patch | 393 |
1 files changed, 133 insertions, 260 deletions
diff --git a/extra/xorg-server/git-fixes.patch b/extra/xorg-server/git-fixes.patch
index 3c59c27c9..27da61eca 100644
--- a/extra/xorg-server/git-fixes.patch
+++ b/extra/xorg-server/git-fixes.patch
@@ -1,288 +1,161 @@ -From bd6ea85209e5ab80375d4ec9994d10a89fd1374a Mon Sep 17 00:00:00 2001 -From: Jamey Sharp <jamey@minilop.net> -Date: Wed, 15 Sep 2010 01:35:21 +0000 -Subject: Fix pixmap double-frees on error paths. +From 89626304ea1ad316c5b7145a40f09377148cff21 Mon Sep 17 00:00:00 2001 +From: Dave Airlie <airlied@redhat.com> +Date: Thu, 20 Oct 2011 13:43:01 +0000 +Subject: xf86Crtc: handle no outputs with no modes harder. -If AddResource fails, it will automatically free the object that was -passed to it by calling the appropriate deleteFunc; and of course -FreeResource also calls the deleteFunc. In both cases it's wrong to call -the destroy hook manually. +If you started an X server with no connected outputs, we pick a default +1024x768 mode, however if you then ran an xvidmode using app against that +server it would segfault the server due to not finding any valid modes. -Commit by Jamey Sharp and Josh Triplett. +This was due to the no output mode set code, only adding the modes to the +scrn->modes once, when something called randr 1.2 xf86SetScrnInfoModes would +get called and remove all the modes and we'd end up with 0. -Signed-off-by: Jamey Sharp <jamey@minilop.net> -Signed-off-by: Josh Triplett <josh@joshtriplett.org> -Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> -Reviewed-by: Aaron Plattner <aplattner@nvidia.com> -(cherry picked from commit 0f380a5005f800572773cd4667ce43c7459cc467) +This change fixes xf86SetScrnInfoModes to always report a scrn mode of at +least 1024x768, and pushes the initial configuration to just call it instead +of setting up the mode itself. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=746926 + +I've seen other bugs like this on other distros so it might also actually fix them. 
+ +Signed-off-by: Dave Airlie <airlied@redhat.com> +Reviewed-by: Keith Packard <keithp@keithp.com> +Signed-off-by: Keith Packard <keithp@keithp.com> +(cherry picked from commit 17416e88dcfcc584fe5f87580d5d2b719b3521c3) --- -diff --git a/Xext/shm.c b/Xext/shm.c -index b08af82..4141a8f 100644 ---- a/Xext/shm.c -+++ b/Xext/shm.c -@@ -991,7 +991,6 @@ CreatePmap: - pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER; - pMap->drawable.id = newPix->info[j].id; - if (!AddResource(newPix->info[j].id, RT_PIXMAP, (pointer)pMap)) { -- (*pScreen->DestroyPixmap)(pMap); - result = BadAlloc; +diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c +index d75cd77..8906806 100644 +--- a/hw/xfree86/modes/xf86Crtc.c ++++ b/hw/xfree86/modes/xf86Crtc.c +@@ -1915,19 +1915,25 @@ xf86SetScrnInfoModes (ScrnInfoPtr scrn) break; - } -@@ -1002,10 +1001,8 @@ CreatePmap: } - if(result == BadAlloc) { -- while(j--) { -- (*pScreen->DestroyPixmap)(pMap); -+ while(j--) - FreeResource(newPix->info[j].id, RT_NONE); +- if (scrn->modes != NULL) { +- /* For some reason, scrn->modes is circular, unlike the other mode +- * lists. How great is that? +- */ +- for (last = scrn->modes; last && last->next; last = last->next) +- ; +- last->next = scrn->modes; +- scrn->modes->prev = last; +- if (mode) { +- while (scrn->modes != mode) +- scrn->modes = scrn->modes->next; - } - free(newPix); - } else - AddResource(stuff->pid, XRT_PIXMAP, newPix); -@@ -1110,7 +1107,6 @@ CreatePmap: - { - return Success; - } -- pDraw->pScreen->DestroyPixmap(pMap); ++ if (!scrn->modes) { ++ scrn->modes = xf86ModesAdd(scrn->modes, ++ xf86CVTMode(scrn->display->virtualX, ++ scrn->display->virtualY, ++ 60, 0, 0)); ++ } ++ ++ /* For some reason, scrn->modes is circular, unlike the other mode ++ * lists. How great is that? 
++ */ ++ for (last = scrn->modes; last && last->next; last = last->next) ++ ; ++ last->next = scrn->modes; ++ scrn->modes->prev = last; ++ if (mode) { ++ while (scrn->modes != mode) ++ scrn->modes = scrn->modes->next; } - return BadAlloc; - } -diff --git a/dix/dispatch.c b/dix/dispatch.c -index 192c8c3..f8200b1 100644 ---- a/dix/dispatch.c -+++ b/dix/dispatch.c -@@ -1419,7 +1419,6 @@ CreatePmap: - } - if (AddResource(stuff->pid, RT_PIXMAP, (pointer)pMap)) - return Success; -- (*pDraw->pScreen->DestroyPixmap)(pMap); ++ + scrn->currentMode = scrn->modes; + #ifdef XFreeXDGA + if (scrn->pScreen) +@@ -2529,16 +2535,7 @@ xf86InitialConfiguration (ScrnInfoPtr scrn, Bool canGrow) + width, height); } - return BadAlloc; - } --- -cgit v0.9.0.2-2-gbebe -From 347f5610ca023fb31485aa19c20607af8bf9c834 Mon Sep 17 00:00:00 2001 -From: Carlos Garnacho <carlosg@gnome.org> -Date: Tue, 30 Aug 2011 22:46:52 +0000 -Subject: Xi: Fix passive XI2 ungrabs on XIAll[Master]Devices - -The corresponding DeviceIntPtr wasn't being gotten properly, -resulting in BadDevice from dixLookupDevice(). 
- -Signed-off-by: Carlos Garnacho <carlosg@gnome.org> -Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> -Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> -(cherry picked from commit f52d5cd374563544dafe29587411f345e31bbdf8) ---- -diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c -index ae43433..5cdd8ac 100644 ---- a/Xi/xipassivegrab.c -+++ b/Xi/xipassivegrab.c -@@ -261,9 +261,16 @@ ProcXIPassiveUngrabDevice(ClientPtr client) - REQUEST(xXIPassiveUngrabDeviceReq); - REQUEST_AT_LEAST_SIZE(xXIPassiveUngrabDeviceReq); -- rc = dixLookupDevice(&dev, stuff->deviceid, client, DixGrabAccess); -- if (rc != Success) -- return rc; -+ if (stuff->deviceid == XIAllDevices) -+ dev = inputInfo.all_devices; -+ else if (stuff->deviceid == XIAllMasterDevices) -+ dev = inputInfo.all_master_devices; -+ else -+ { -+ rc = dixLookupDevice(&dev, stuff->deviceid, client, DixGrabAccess); -+ if (rc != Success) -+ return rc; -+ } +- if (have_outputs) { +- /* Mirror output modes to scrn mode list */ +- xf86SetScrnInfoModes (scrn); +- } else { +- /* Clear any existing modes from scrn->modes */ +- while (scrn->modes != NULL) +- xf86DeleteMode(&scrn->modes, scrn->modes); +- scrn->modes = xf86ModesAdd(scrn->modes, +- xf86CVTMode(width, height, 60, 0, 0)); +- } ++ xf86SetScrnInfoModes (scrn); - if (stuff->grab_type != XIGrabtypeButton && - stuff->grab_type != XIGrabtypeKeycode && + success = TRUE; + bailout: -- cgit v0.9.0.2-2-gbebe -From e9ae33316012ffe9acfeeb7303ab3392c2ca2a2b Mon Sep 17 00:00:00 2001 -From: Sam Spilsbury <sam.spilsbury@canonical.com> -Date: Wed, 14 Sep 2011 01:58:34 +0000 -Subject: Remove the SendEvent bit (0x80) before doing range checks on event type. 
+From 97f2ae60fc0cc755abd8b88df826fcb1a20464fe Mon Sep 17 00:00:00 2001 +From: Christopher Yeleighton <giecrilj@stegny.2a.pl> +Date: Tue, 25 Oct 2011 01:47:06 +0000 +Subject: Bug 38420: Xvfb crashes in miInitVisuals() when started with depth=2 -Some extension libraries may set this bit before converting the event to -wire protocol and as such range checking the event will cause an invalid -BadValue error to result. As the documentation suggests the the bit -should be "forced on", remove it before doing range checks and continue -to force it on in the server. +https://bugs.freedesktop.org/show_bug.cgi?id=38420 -Reviewed-by: Jamey Sharp <jamey@minilop.net> -Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> -(cherry picked from commit 2d2dce558d24eeea0eb011ec9ebaa6c5c2273c39) ---- -diff --git a/dix/events.c b/dix/events.c -index 8a4c6b9..9e58edb 100644 ---- a/dix/events.c -+++ b/dix/events.c -@@ -5224,6 +5224,8 @@ CloseDownEvents(void) - InputEventList = NULL; - } - -+#define SEND_EVENT_BIT 0x80 -+ - /** - * Server-side protocol handling for SendEvent request. - * -@@ -5241,6 +5243,16 @@ ProcSendEvent(ClientPtr client) - - REQUEST_SIZE_MATCH(xSendEventReq); - -+ /* libXext and other extension libraries may set the bit indicating -+ * that this event came from a SendEvent request so remove it -+ * since otherwise the event type may fail the range checks -+ * and cause an invalid BadValue error to be returned. -+ * -+ * This is safe to do since we later add the SendEvent bit (0x80) -+ * back in once we send the event to the client */ -+ -+ stuff->event.u.u.type &= ~(SEND_EVENT_BIT); -+ - /* The client's event type must be a core event type or one defined by an - extension. 
*/ - -@@ -5298,7 +5310,7 @@ ProcSendEvent(ClientPtr client) - client->errorValue = stuff->propagate; - return BadValue; - } -- stuff->event.u.u.type |= 0x80; -+ stuff->event.u.u.type |= SEND_EVENT_BIT; - if (stuff->propagate) - { - for (;pWin; pWin = pWin->parent) --- -cgit v0.9.0.2-2-gbebe -From b45e22675364915c32560c26404cf30d77ab68aa Mon Sep 17 00:00:00 2001 -From: Alan Hourihane <alanh@vmware.com> -Date: Wed, 05 Oct 2011 02:42:46 +0000 -Subject: dixfonts: Don't overwrite local c variable until new_closure is safely initialized. +Exit with fatal error message, not segfault. -Signed-off-by: Alan Hourihane <alanh@vmware.com> +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> -(cherry picked from commit 7a33c5b934382b5554f41ab1502514e91c9bc52e) +Signed-off-by: Keith Packard <keithp@keithp.com> +(cherry picked from commit 7d50211ab57a35910d79fc3f67ae89aff91fa995) --- -diff --git a/dix/dixfonts.c b/dix/dixfonts.c -index fbac124..d2bcb84 100644 ---- a/dix/dixfonts.c -+++ b/dix/dixfonts.c -@@ -1302,31 +1302,30 @@ doPolyText(ClientPtr client, PTclosurePtr c) - goto bail; - } - *new_closure = *c; -- c = new_closure; - -- len = c->endReq - c->pElt; -- c->data = malloc(len); -- if (!c->data) -+ len = new_closure->endReq - new_closure->pElt; -+ new_closure->data = malloc(len); -+ if (!new_closure->data) - { -- free(c); -+ free(new_closure); - err = BadAlloc; - goto bail; - } -- memmove(c->data, c->pElt, len); -- c->pElt = c->data; -- c->endReq = c->pElt + len; -+ memmove(new_closure->data, new_closure->pElt, len); -+ new_closure->pElt = new_closure->data; -+ new_closure->endReq = new_closure->pElt + len; - - /* Step 2 */ - -- pGC = GetScratchGC(c->pGC->depth, c->pGC->pScreen); -+ pGC = GetScratchGC(new_closure->pGC->depth, new_closure->pGC->pScreen); - if (!pGC) - { -- free(c->data); -- free(c); -+ free(new_closure->data); -+ free(new_closure); - err = BadAlloc; - goto bail; - } -- if ((err = CopyGC(c->pGC, 
pGC, GCFunction | -+ if ((err = CopyGC(new_closure->pGC, pGC, GCFunction | - GCPlaneMask | GCForeground | - GCBackground | GCFillStyle | - GCTile | GCStipple | -@@ -1337,15 +1336,16 @@ doPolyText(ClientPtr client, PTclosurePtr c) - Success) - { - FreeScratchGC(pGC); -- free(c->data); -- free(c); -+ free(new_closure->data); -+ free(new_closure); - err = BadAlloc; - goto bail; - } -+ c = new_closure; - origGC = c->pGC; - c->pGC = pGC; - ValidateGC(c->pDraw, c->pGC); -- -+ - ClientSleep(client, (ClientSleepProcPtr)doPolyText, c); +diff --git a/hw/vfb/InitOutput.c b/hw/vfb/InitOutput.c +index 31ed505..dce3f84 100644 +--- a/hw/vfb/InitOutput.c ++++ b/hw/vfb/InitOutput.c +@@ -864,6 +864,8 @@ vfbScreenInit(int index, ScreenPtr pScreen, int argc, char **argv) + (1 << DirectColor)), + 10, TrueColor, 0x3ff00000, 0x000ffc00, 0x000003ff); + break; ++ default: ++ return FALSE; + } - /* Set up to perform steps 3 and 4 */ + miSetPixmapDepths (); -- cgit v0.9.0.2-2-gbebe -From bec15eb73a17fb47963ff6b747ea504f7dc05deb Mon Sep 17 00:00:00 2001 -From: Kirill Elagin <kirelagin@gmail.com> -Date: Tue, 04 Oct 2011 19:02:20 +0000 -Subject: Fix server crash due to invalid images +From 34bb83b9df20ff63dbb147ed661f39efb8bae8e4 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Mon, 24 Oct 2011 02:00:32 +0000 +Subject: dix: block signals when closing all devices -See https://bugs.freedesktop.org/show_bug.cgi?id=39383 +When closing down all devices, we manually unset master for all attached +devices, but the device's sprite info still points to the master's sprite +info. This leaves us a window where the master is freed already but the +device isn't yet. A signal during that window causes dereference of the +already freed spriteInfo in mieqEnqueue's EnqueueScreen macro. 
-Signed-off-by: Kirill Elagin <kirelagin@gmail.com> -Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> -(cherry picked from commit 53611213396479abfdce0f7752681572e0d26d78) ---- -diff --git a/fb/fbpict.c b/fb/fbpict.c -index d1fd0cb..57c93fd 100644 ---- a/fb/fbpict.c -+++ b/fb/fbpict.c -@@ -163,7 +163,9 @@ create_bits_picture (PicturePtr pict, - (pixman_format_code_t)pict->format, - pixmap->drawable.width, pixmap->drawable.height, - (uint32_t *)bits, stride * sizeof (FbStride)); -- -+ -+ if (!image) -+ return NULL; - - #ifdef FB_ACCESS_WRAPPER - #if FB_SHIFT==5 --- -cgit v0.9.0.2-2-gbebe -From 65469f5ea98074ab27ce0a2d482157b9d5c2cbc7 Mon Sep 17 00:00:00 2001 -From: vdb@picaros.org <vdb@picaros.org> -Date: Sat, 17 Sep 2011 16:55:47 +0000 -Subject: Fix a rare memory leak +Simply block signals when removing all devices. It's not like we're really +worrying about high-responsive input at this stage. -Signed-off-by: Servaas Vandenberghe <vdb@picaros.org> -Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> -(cherry picked from commit e4cddf509e1729e8ff40354275b65455111ad2bd) +https://bugzilla.redhat.com/show_bug.cgi?id=737031 + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Julien Cristau <jcristau@debian.org> +(cherry picked from commit d7c44a7c9760449bef263413ad3b20f19b1dc95a) --- -diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c -index c2814d4..3fae039 100644 ---- a/hw/xfree86/modes/xf86Crtc.c -+++ b/hw/xfree86/modes/xf86Crtc.c -@@ -133,6 +133,7 @@ xf86CrtcCreate (ScrnInfoPtr scrn, - crtcs = malloc((xf86_config->num_crtc + 1) * sizeof (xf86CrtcPtr)); - if (!crtcs) - { -+ free(crtc->gamma_red); - free(crtc); - return NULL; - } +diff --git a/dix/devices.c b/dix/devices.c +index 0ccf252..cbdd4ea 100644 +--- a/dix/devices.c ++++ b/dix/devices.c +@@ -982,6 +982,8 @@ CloseDownDevices(void) + { + DeviceIntPtr dev; + ++ OsBlockSignals(); ++ + /* Float all SDs before closing them. Note that at this point resources + * (e.g. 
cursors) have been freed already, so we can't just call + * AttachDevice(NULL, dev, NULL). Instead, we have to forcibly set master +@@ -1004,6 +1006,8 @@ CloseDownDevices(void) + inputInfo.keyboard = NULL; + inputInfo.pointer = NULL; + XkbDeleteRulesDflts(); ++ ++ OsReleaseSignals(); + } + + /** -- cgit v0.9.0.2-2-gbebe |
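Review bot: In the added xf86SetScrnInfoModes lines, `last->next = scrn->modes;` and `scrn->modes->prev = last;` now run unconditionally, although the `for` loop above them still tests `last &&`, so the code is only safe if the new `xf86ModesAdd(scrn->modes, xf86CVTMode(...))` fallback can never leave `scrn->modes` NULL. That guarantee is not visible here; unless it is documented, I would keep the circular-list linking under the old `if (scrn->modes != NULL) {` guard or add a comment stating why the list is non-empty at that point. The function body starts and ends outside the inner hunk, so the early `break` paths above were not checked. Separately, this refresh drops the cherry-picks for the pixmap double-free on `AddResource` failure (Xext/shm.c, dix/dispatch.c) and the `if (!image) return NULL;` check in fb/fbpict.c. The version bump is not part of this file's diff, so confirm the packaged xorg-server release already contains those fixes.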