summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Cristau <jcristau@debian.org>2010-07-03 19:47:55 +0100
committerJulien Cristau <jcristau@debian.org>2011-01-10 15:31:30 +0100
commitec9c97c6bf70b523bc500bd3adf62176f1bb33a4 (patch)
treef4ac424a5ca15ee0ed084ef1d83dcbd2cf22924e
parent3f0d3f4d97bce75c1828635c322b6560a45a037f (diff)
glx: validate request lengths
Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Kristian Høgsberg <krh@bitplanet.net> Reviewed-by: Daniel Stone <daniel@fooishbar.org> Signed-off-by: Julien Cristau <jcristau@debian.org>
Diffstat
-rw-r--r--glx/glxcmds.c142
-rw-r--r--glx/xfont.c2
2 files changed, 135 insertions, 9 deletions
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 419cc4626..566dbbe57 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -314,11 +314,14 @@ DoCreateContext(__GLXclientState *cl, GLXContextID gcId,
314 314
315int __glXDisp_CreateContext(__GLXclientState *cl, GLbyte *pc) 315int __glXDisp_CreateContext(__GLXclientState *cl, GLbyte *pc)
316{ 316{
317 ClientPtr client = cl->client;
317 xGLXCreateContextReq *req = (xGLXCreateContextReq *) pc; 318 xGLXCreateContextReq *req = (xGLXCreateContextReq *) pc;
318 __GLXconfig *config; 319 __GLXconfig *config;
319 __GLXscreen *pGlxScreen; 320 __GLXscreen *pGlxScreen;
320 int err; 321 int err;
321 322
323 REQUEST_SIZE_MATCH(xGLXCreateContextReq);
324
322 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 325 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
323 return err; 326 return err;
324 if (!validGlxVisual(cl->client, pGlxScreen, req->visual, &config, &err)) 327 if (!validGlxVisual(cl->client, pGlxScreen, req->visual, &config, &err))
@@ -330,11 +333,14 @@ int __glXDisp_CreateContext(__GLXclientState *cl, GLbyte *pc)
330 333
331int __glXDisp_CreateNewContext(__GLXclientState *cl, GLbyte *pc) 334int __glXDisp_CreateNewContext(__GLXclientState *cl, GLbyte *pc)
332{ 335{
336 ClientPtr client = cl->client;
333 xGLXCreateNewContextReq *req = (xGLXCreateNewContextReq *) pc; 337 xGLXCreateNewContextReq *req = (xGLXCreateNewContextReq *) pc;
334 __GLXconfig *config; 338 __GLXconfig *config;
335 __GLXscreen *pGlxScreen; 339 __GLXscreen *pGlxScreen;
336 int err; 340 int err;
337 341
342 REQUEST_SIZE_MATCH(xGLXCreateNewContextReq);
343
338 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 344 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
339 return err; 345 return err;
340 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err)) 346 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err))
@@ -346,12 +352,15 @@ int __glXDisp_CreateNewContext(__GLXclientState *cl, GLbyte *pc)
346 352
347int __glXDisp_CreateContextWithConfigSGIX(__GLXclientState *cl, GLbyte *pc) 353int __glXDisp_CreateContextWithConfigSGIX(__GLXclientState *cl, GLbyte *pc)
348{ 354{
355 ClientPtr client = cl->client;
349 xGLXCreateContextWithConfigSGIXReq *req = 356 xGLXCreateContextWithConfigSGIXReq *req =
350 (xGLXCreateContextWithConfigSGIXReq *) pc; 357 (xGLXCreateContextWithConfigSGIXReq *) pc;
351 __GLXconfig *config; 358 __GLXconfig *config;
352 __GLXscreen *pGlxScreen; 359 __GLXscreen *pGlxScreen;
353 int err; 360 int err;
354 361
362 REQUEST_SIZE_MATCH(xGLXCreateContextWithConfigSGIXReq);
363
355 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 364 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
356 return err; 365 return err;
357 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err)) 366 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err))
@@ -362,10 +371,13 @@ int __glXDisp_CreateContextWithConfigSGIX(__GLXclientState *cl, GLbyte *pc)
362} 371}
363int __glXDisp_DestroyContext(__GLXclientState *cl, GLbyte *pc) 372int __glXDisp_DestroyContext(__GLXclientState *cl, GLbyte *pc)
364{ 373{
374 ClientPtr client = cl->client;
365 xGLXDestroyContextReq *req = (xGLXDestroyContextReq *) pc; 375 xGLXDestroyContextReq *req = (xGLXDestroyContextReq *) pc;
366 __GLXcontext *glxc; 376 __GLXcontext *glxc;
367 int err; 377 int err;
368 378
379 REQUEST_SIZE_MATCH(xGLXDestroyContextReq);
380
369 if (!validGlxContext(cl->client, req->context, DixDestroyAccess, 381 if (!validGlxContext(cl->client, req->context, DixDestroyAccess,
370 &glxc, &err)) 382 &glxc, &err))
371 return err; 383 return err;
@@ -685,24 +697,33 @@ DoMakeCurrent(__GLXclientState *cl,
685 697
686int __glXDisp_MakeCurrent(__GLXclientState *cl, GLbyte *pc) 698int __glXDisp_MakeCurrent(__GLXclientState *cl, GLbyte *pc)
687{ 699{
700 ClientPtr client = cl->client;
688 xGLXMakeCurrentReq *req = (xGLXMakeCurrentReq *) pc; 701 xGLXMakeCurrentReq *req = (xGLXMakeCurrentReq *) pc;
689 702
703 REQUEST_SIZE_MATCH(xGLXMakeCurrentReq);
704
690 return DoMakeCurrent( cl, req->drawable, req->drawable, 705 return DoMakeCurrent( cl, req->drawable, req->drawable,
691 req->context, req->oldContextTag ); 706 req->context, req->oldContextTag );
692} 707}
693 708
694int __glXDisp_MakeContextCurrent(__GLXclientState *cl, GLbyte *pc) 709int __glXDisp_MakeContextCurrent(__GLXclientState *cl, GLbyte *pc)
695{ 710{
711 ClientPtr client = cl->client;
696 xGLXMakeContextCurrentReq *req = (xGLXMakeContextCurrentReq *) pc; 712 xGLXMakeContextCurrentReq *req = (xGLXMakeContextCurrentReq *) pc;
697 713
714 REQUEST_SIZE_MATCH(xGLXMakeContextCurrentReq);
715
698 return DoMakeCurrent( cl, req->drawable, req->readdrawable, 716 return DoMakeCurrent( cl, req->drawable, req->readdrawable,
699 req->context, req->oldContextTag ); 717 req->context, req->oldContextTag );
700} 718}
701 719
702int __glXDisp_MakeCurrentReadSGI(__GLXclientState *cl, GLbyte *pc) 720int __glXDisp_MakeCurrentReadSGI(__GLXclientState *cl, GLbyte *pc)
703{ 721{
722 ClientPtr client = cl->client;
704 xGLXMakeCurrentReadSGIReq *req = (xGLXMakeCurrentReadSGIReq *) pc; 723 xGLXMakeCurrentReadSGIReq *req = (xGLXMakeCurrentReadSGIReq *) pc;
705 724
725 REQUEST_SIZE_MATCH(xGLXMakeCurrentReadSGIReq);
726
706 return DoMakeCurrent( cl, req->drawable, req->readable, 727 return DoMakeCurrent( cl, req->drawable, req->readable,
707 req->context, req->oldContextTag ); 728 req->context, req->oldContextTag );
708} 729}
@@ -715,6 +736,8 @@ int __glXDisp_IsDirect(__GLXclientState *cl, GLbyte *pc)
715 __GLXcontext *glxc; 736 __GLXcontext *glxc;
716 int err; 737 int err;
717 738
739 REQUEST_SIZE_MATCH(xGLXIsDirectReq);
740
718 if (!validGlxContext(cl->client, req->context, DixReadAccess, &glxc, &err)) 741 if (!validGlxContext(cl->client, req->context, DixReadAccess, &glxc, &err))
719 return err; 742 return err;
720 743
@@ -739,6 +762,8 @@ int __glXDisp_QueryVersion(__GLXclientState *cl, GLbyte *pc)
739 xGLXQueryVersionReply reply; 762 xGLXQueryVersionReply reply;
740 GLuint major, minor; 763 GLuint major, minor;
741 764
765 REQUEST_SIZE_MATCH(xGLXQueryVersionReq);
766
742 major = req->majorVersion; 767 major = req->majorVersion;
743 minor = req->minorVersion; 768 minor = req->minorVersion;
744 (void)major; 769 (void)major;
@@ -765,11 +790,15 @@ int __glXDisp_QueryVersion(__GLXclientState *cl, GLbyte *pc)
765 790
766int __glXDisp_WaitGL(__GLXclientState *cl, GLbyte *pc) 791int __glXDisp_WaitGL(__GLXclientState *cl, GLbyte *pc)
767{ 792{
793 ClientPtr client = cl->client;
768 xGLXWaitGLReq *req = (xGLXWaitGLReq *)pc; 794 xGLXWaitGLReq *req = (xGLXWaitGLReq *)pc;
769 GLXContextTag tag = req->contextTag; 795 GLXContextTag tag;
770 __GLXcontext *glxc = NULL; 796 __GLXcontext *glxc = NULL;
771 int error; 797 int error;
772 798
799 REQUEST_SIZE_MATCH(xGLXWaitGLReq);
800
801 tag = req->contextTag;
773 if (tag) { 802 if (tag) {
774 glxc = __glXLookupContextByTag(cl, tag); 803 glxc = __glXLookupContextByTag(cl, tag);
775 if (!glxc) 804 if (!glxc)
@@ -789,11 +818,15 @@ int __glXDisp_WaitGL(__GLXclientState *cl, GLbyte *pc)
789 818
790int __glXDisp_WaitX(__GLXclientState *cl, GLbyte *pc) 819int __glXDisp_WaitX(__GLXclientState *cl, GLbyte *pc)
791{ 820{
821 ClientPtr client = cl->client;
792 xGLXWaitXReq *req = (xGLXWaitXReq *)pc; 822 xGLXWaitXReq *req = (xGLXWaitXReq *)pc;
793 GLXContextTag tag = req->contextTag; 823 GLXContextTag tag;
794 __GLXcontext *glxc = NULL; 824 __GLXcontext *glxc = NULL;
795 int error; 825 int error;
796 826
827 REQUEST_SIZE_MATCH(xGLXWaitXReq);
828
829 tag = req->contextTag;
797 if (tag) { 830 if (tag) {
798 glxc = __glXLookupContextByTag(cl, tag); 831 glxc = __glXLookupContextByTag(cl, tag);
799 if (!glxc) 832 if (!glxc)
@@ -813,13 +846,19 @@ int __glXDisp_CopyContext(__GLXclientState *cl, GLbyte *pc)
813{ 846{
814 ClientPtr client = cl->client; 847 ClientPtr client = cl->client;
815 xGLXCopyContextReq *req = (xGLXCopyContextReq *) pc; 848 xGLXCopyContextReq *req = (xGLXCopyContextReq *) pc;
816 GLXContextID source = req->source; 849 GLXContextID source;
817 GLXContextID dest = req->dest; 850 GLXContextID dest;
818 GLXContextTag tag = req->contextTag; 851 GLXContextTag tag;
819 unsigned long mask = req->mask; 852 unsigned long mask;
820 __GLXcontext *src, *dst; 853 __GLXcontext *src, *dst;
821 int error; 854 int error;
822 855
856 REQUEST_SIZE_MATCH(xGLXCopyContextReq);
857
858 source = req->source;
859 dest = req->dest;
860 tag = req->contextTag;
861 mask = req->mask;
823 if (!validGlxContext(cl->client, source, DixReadAccess, &src, &error)) 862 if (!validGlxContext(cl->client, source, DixReadAccess, &src, &error))
824 return error; 863 return error;
825 if (!validGlxContext(cl->client, dest, DixWriteAccess, &dst, &error)) 864 if (!validGlxContext(cl->client, dest, DixWriteAccess, &dst, &error))
@@ -902,6 +941,8 @@ int __glXDisp_GetVisualConfigs(__GLXclientState *cl, GLbyte *pc)
902 __GLX_DECLARE_SWAP_VARIABLES; 941 __GLX_DECLARE_SWAP_VARIABLES;
903 __GLX_DECLARE_SWAP_ARRAY_VARIABLES; 942 __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
904 943
944 REQUEST_SIZE_MATCH(xGLXGetVisualConfigsReq);
945
905 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 946 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
906 return err; 947 return err;
907 948
@@ -1081,13 +1122,17 @@ DoGetFBConfigs(__GLXclientState *cl, unsigned screen)
1081 1122
1082int __glXDisp_GetFBConfigs(__GLXclientState *cl, GLbyte *pc) 1123int __glXDisp_GetFBConfigs(__GLXclientState *cl, GLbyte *pc)
1083{ 1124{
1125 ClientPtr client = cl->client;
1084 xGLXGetFBConfigsReq *req = (xGLXGetFBConfigsReq *) pc; 1126 xGLXGetFBConfigsReq *req = (xGLXGetFBConfigsReq *) pc;
1127 REQUEST_SIZE_MATCH(xGLXGetFBConfigsReq);
1085 return DoGetFBConfigs(cl, req->screen); 1128 return DoGetFBConfigs(cl, req->screen);
1086} 1129}
1087 1130
1088int __glXDisp_GetFBConfigsSGIX(__GLXclientState *cl, GLbyte *pc) 1131int __glXDisp_GetFBConfigsSGIX(__GLXclientState *cl, GLbyte *pc)
1089{ 1132{
1133 ClientPtr client = cl->client;
1090 xGLXGetFBConfigsSGIXReq *req = (xGLXGetFBConfigsSGIXReq *) pc; 1134 xGLXGetFBConfigsSGIXReq *req = (xGLXGetFBConfigsSGIXReq *) pc;
1135 REQUEST_SIZE_MATCH(xGLXGetFBConfigsSGIXReq);
1091 return DoGetFBConfigs(cl, req->screen); 1136 return DoGetFBConfigs(cl, req->screen);
1092} 1137}
1093 1138
@@ -1213,11 +1258,14 @@ determineTextureTarget(ClientPtr client, XID glxDrawableID,
1213 1258
1214int __glXDisp_CreateGLXPixmap(__GLXclientState *cl, GLbyte *pc) 1259int __glXDisp_CreateGLXPixmap(__GLXclientState *cl, GLbyte *pc)
1215{ 1260{
1261 ClientPtr client = cl->client;
1216 xGLXCreateGLXPixmapReq *req = (xGLXCreateGLXPixmapReq *) pc; 1262 xGLXCreateGLXPixmapReq *req = (xGLXCreateGLXPixmapReq *) pc;
1217 __GLXconfig *config; 1263 __GLXconfig *config;
1218 __GLXscreen *pGlxScreen; 1264 __GLXscreen *pGlxScreen;
1219 int err; 1265 int err;
1220 1266
1267 REQUEST_SIZE_MATCH(xGLXCreateGLXPixmapReq);
1268
1221 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 1269 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
1222 return err; 1270 return err;
1223 if (!validGlxVisual(cl->client, pGlxScreen, req->visual, &config, &err)) 1271 if (!validGlxVisual(cl->client, pGlxScreen, req->visual, &config, &err))
@@ -1229,11 +1277,14 @@ int __glXDisp_CreateGLXPixmap(__GLXclientState *cl, GLbyte *pc)
1229 1277
1230int __glXDisp_CreatePixmap(__GLXclientState *cl, GLbyte *pc) 1278int __glXDisp_CreatePixmap(__GLXclientState *cl, GLbyte *pc)
1231{ 1279{
1280 ClientPtr client = cl->client;
1232 xGLXCreatePixmapReq *req = (xGLXCreatePixmapReq *) pc; 1281 xGLXCreatePixmapReq *req = (xGLXCreatePixmapReq *) pc;
1233 __GLXconfig *config; 1282 __GLXconfig *config;
1234 __GLXscreen *pGlxScreen; 1283 __GLXscreen *pGlxScreen;
1235 int err; 1284 int err;
1236 1285
1286 REQUEST_FIXED_SIZE(xGLXCreatePixmapReq, req->numAttribs << 3);
1287
1237 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 1288 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
1238 return err; 1289 return err;
1239 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err)) 1290 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err))
@@ -1252,12 +1303,15 @@ int __glXDisp_CreatePixmap(__GLXclientState *cl, GLbyte *pc)
1252 1303
1253int __glXDisp_CreateGLXPixmapWithConfigSGIX(__GLXclientState *cl, GLbyte *pc) 1304int __glXDisp_CreateGLXPixmapWithConfigSGIX(__GLXclientState *cl, GLbyte *pc)
1254{ 1305{
1306 ClientPtr client = cl->client;
1255 xGLXCreateGLXPixmapWithConfigSGIXReq *req = 1307 xGLXCreateGLXPixmapWithConfigSGIXReq *req =
1256 (xGLXCreateGLXPixmapWithConfigSGIXReq *) pc; 1308 (xGLXCreateGLXPixmapWithConfigSGIXReq *) pc;
1257 __GLXconfig *config; 1309 __GLXconfig *config;
1258 __GLXscreen *pGlxScreen; 1310 __GLXscreen *pGlxScreen;
1259 int err; 1311 int err;
1260 1312
1313 REQUEST_SIZE_MATCH(xGLXCreateGLXPixmapWithConfigSGIXReq);
1314
1261 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err)) 1315 if (!validGlxScreen(cl->client, req->screen, &pGlxScreen, &err))
1262 return err; 1316 return err;
1263 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err)) 1317 if (!validGlxFBConfig(cl->client, pGlxScreen, req->fbconfig, &config, &err))
@@ -1284,15 +1338,21 @@ static int DoDestroyDrawable(__GLXclientState *cl, XID glxdrawable, int type)
1284 1338
1285int __glXDisp_DestroyGLXPixmap(__GLXclientState *cl, GLbyte *pc) 1339int __glXDisp_DestroyGLXPixmap(__GLXclientState *cl, GLbyte *pc)
1286{ 1340{
1341 ClientPtr client = cl->client;
1287 xGLXDestroyGLXPixmapReq *req = (xGLXDestroyGLXPixmapReq *) pc; 1342 xGLXDestroyGLXPixmapReq *req = (xGLXDestroyGLXPixmapReq *) pc;
1288 1343
1344 REQUEST_SIZE_MATCH(xGLXDestroyGLXPixmapReq);
1345
1289 return DoDestroyDrawable(cl, req->glxpixmap, GLX_DRAWABLE_PIXMAP); 1346 return DoDestroyDrawable(cl, req->glxpixmap, GLX_DRAWABLE_PIXMAP);
1290} 1347}
1291 1348
1292int __glXDisp_DestroyPixmap(__GLXclientState *cl, GLbyte *pc) 1349int __glXDisp_DestroyPixmap(__GLXclientState *cl, GLbyte *pc)
1293{ 1350{
1351 ClientPtr client = cl->client;
1294 xGLXDestroyPixmapReq *req = (xGLXDestroyPixmapReq *) pc; 1352 xGLXDestroyPixmapReq *req = (xGLXDestroyPixmapReq *) pc;
1295 1353
1354 REQUEST_SIZE_MATCH(xGLXDestroyPixmapReq);
1355
1296 return DoDestroyDrawable(cl, req->glxpixmap, GLX_DRAWABLE_PIXMAP); 1356 return DoDestroyDrawable(cl, req->glxpixmap, GLX_DRAWABLE_PIXMAP);
1297} 1357}
1298 1358
@@ -1331,10 +1391,13 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
1331 1391
1332int __glXDisp_CreatePbuffer(__GLXclientState *cl, GLbyte *pc) 1392int __glXDisp_CreatePbuffer(__GLXclientState *cl, GLbyte *pc)
1333{ 1393{
1394 ClientPtr client = cl->client;
1334 xGLXCreatePbufferReq *req = (xGLXCreatePbufferReq *) pc; 1395 xGLXCreatePbufferReq *req = (xGLXCreatePbufferReq *) pc;
1335 CARD32 *attrs; 1396 CARD32 *attrs;
1336 int width, height, i; 1397 int width, height, i;
1337 1398
1399 REQUEST_FIXED_SIZE(xGLXCreatePbufferReq, req->numAttribs << 3);
1400
1338 attrs = (CARD32 *) (req + 1); 1401 attrs = (CARD32 *) (req + 1);
1339 width = 0; 1402 width = 0;
1340 height = 0; 1403 height = 0;
@@ -1360,23 +1423,32 @@ int __glXDisp_CreatePbuffer(__GLXclientState *cl, GLbyte *pc)
1360 1423
1361int __glXDisp_CreateGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc) 1424int __glXDisp_CreateGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc)
1362{ 1425{
1426 ClientPtr client = cl->client;
1363 xGLXCreateGLXPbufferSGIXReq *req = (xGLXCreateGLXPbufferSGIXReq *) pc; 1427 xGLXCreateGLXPbufferSGIXReq *req = (xGLXCreateGLXPbufferSGIXReq *) pc;
1364 1428
1429 REQUEST_SIZE_MATCH(xGLXCreateGLXPbufferSGIXReq);
1430
1365 return DoCreatePbuffer(cl->client, req->screen, req->fbconfig, 1431 return DoCreatePbuffer(cl->client, req->screen, req->fbconfig,
1366 req->width, req->height, req->pbuffer); 1432 req->width, req->height, req->pbuffer);
1367} 1433}
1368 1434
1369int __glXDisp_DestroyPbuffer(__GLXclientState *cl, GLbyte *pc) 1435int __glXDisp_DestroyPbuffer(__GLXclientState *cl, GLbyte *pc)
1370{ 1436{
1437 ClientPtr client = cl->client;
1371 xGLXDestroyPbufferReq *req = (xGLXDestroyPbufferReq *) pc; 1438 xGLXDestroyPbufferReq *req = (xGLXDestroyPbufferReq *) pc;
1372 1439
1440 REQUEST_SIZE_MATCH(xGLXDestroyPbufferReq);
1441
1373 return DoDestroyDrawable(cl, req->pbuffer, GLX_DRAWABLE_PBUFFER); 1442 return DoDestroyDrawable(cl, req->pbuffer, GLX_DRAWABLE_PBUFFER);
1374} 1443}
1375 1444
1376int __glXDisp_DestroyGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc) 1445int __glXDisp_DestroyGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc)
1377{ 1446{
1447 ClientPtr client = cl->client;
1378 xGLXDestroyGLXPbufferSGIXReq *req = (xGLXDestroyGLXPbufferSGIXReq *) pc; 1448 xGLXDestroyGLXPbufferSGIXReq *req = (xGLXDestroyGLXPbufferSGIXReq *) pc;
1379 1449
1450 REQUEST_SIZE_MATCH(xGLXDestroyGLXPbufferSGIXReq);
1451
1380 return DoDestroyDrawable(cl, req->pbuffer, GLX_DRAWABLE_PBUFFER); 1452 return DoDestroyDrawable(cl, req->pbuffer, GLX_DRAWABLE_PBUFFER);
1381} 1453}
1382 1454
@@ -1407,18 +1479,24 @@ DoChangeDrawableAttributes(ClientPtr client, XID glxdrawable,
1407 1479
1408int __glXDisp_ChangeDrawableAttributes(__GLXclientState *cl, GLbyte *pc) 1480int __glXDisp_ChangeDrawableAttributes(__GLXclientState *cl, GLbyte *pc)
1409{ 1481{
1482 ClientPtr client = cl->client;
1410 xGLXChangeDrawableAttributesReq *req = 1483 xGLXChangeDrawableAttributesReq *req =
1411 (xGLXChangeDrawableAttributesReq *) pc; 1484 (xGLXChangeDrawableAttributesReq *) pc;
1412 1485
1486 REQUEST_FIXED_SIZE(xGLXChangeDrawableAttributesReq, req->numAttribs << 3);
1487
1413 return DoChangeDrawableAttributes(cl->client, req->drawable, 1488 return DoChangeDrawableAttributes(cl->client, req->drawable,
1414 req->numAttribs, (CARD32 *) (req + 1)); 1489 req->numAttribs, (CARD32 *) (req + 1));
1415} 1490}
1416 1491
1417int __glXDisp_ChangeDrawableAttributesSGIX(__GLXclientState *cl, GLbyte *pc) 1492int __glXDisp_ChangeDrawableAttributesSGIX(__GLXclientState *cl, GLbyte *pc)
1418{ 1493{
1494 ClientPtr client = cl->client;
1419 xGLXChangeDrawableAttributesSGIXReq *req = 1495 xGLXChangeDrawableAttributesSGIXReq *req =
1420 (xGLXChangeDrawableAttributesSGIXReq *)pc; 1496 (xGLXChangeDrawableAttributesSGIXReq *)pc;
1421 1497
1498 REQUEST_FIXED_SIZE(xGLXChangeDrawableAttributesSGIXReq, req->numAttribs << 3);
1499
1422 return DoChangeDrawableAttributes(cl->client, req->drawable, 1500 return DoChangeDrawableAttributes(cl->client, req->drawable,
1423 req->numAttribs, (CARD32 *) (req + 1)); 1501 req->numAttribs, (CARD32 *) (req + 1));
1424} 1502}
@@ -1432,6 +1510,8 @@ int __glXDisp_CreateWindow(__GLXclientState *cl, GLbyte *pc)
1432 DrawablePtr pDraw; 1510 DrawablePtr pDraw;
1433 int err; 1511 int err;
1434 1512
1513 REQUEST_FIXED_SIZE(xGLXCreateWindowReq, req->numAttribs << 3);
1514
1435 LEGAL_NEW_RESOURCE(req->glxwindow, client); 1515 LEGAL_NEW_RESOURCE(req->glxwindow, client);
1436 1516
1437 if (!validGlxScreen(client, req->screen, &pGlxScreen, &err)) 1517 if (!validGlxScreen(client, req->screen, &pGlxScreen, &err))
@@ -1455,8 +1535,11 @@ int __glXDisp_CreateWindow(__GLXclientState *cl, GLbyte *pc)
1455 1535
1456int __glXDisp_DestroyWindow(__GLXclientState *cl, GLbyte *pc) 1536int __glXDisp_DestroyWindow(__GLXclientState *cl, GLbyte *pc)
1457{ 1537{
1538 ClientPtr client = cl->client;
1458 xGLXDestroyWindowReq *req = (xGLXDestroyWindowReq *) pc; 1539 xGLXDestroyWindowReq *req = (xGLXDestroyWindowReq *) pc;
1459 1540
1541 REQUEST_SIZE_MATCH(xGLXDestroyWindowReq);
1542
1460 return DoDestroyDrawable(cl, req->glxwindow, GLX_DRAWABLE_WINDOW); 1543 return DoDestroyDrawable(cl, req->glxwindow, GLX_DRAWABLE_WINDOW);
1461} 1544}
1462 1545
@@ -1472,12 +1555,16 @@ int __glXDisp_SwapBuffers(__GLXclientState *cl, GLbyte *pc)
1472{ 1555{
1473 ClientPtr client = cl->client; 1556 ClientPtr client = cl->client;
1474 xGLXSwapBuffersReq *req = (xGLXSwapBuffersReq *) pc; 1557 xGLXSwapBuffersReq *req = (xGLXSwapBuffersReq *) pc;
1475 GLXContextTag tag = req->contextTag; 1558 GLXContextTag tag;
1476 XID drawId = req->drawable; 1559 XID drawId;
1477 __GLXcontext *glxc = NULL; 1560 __GLXcontext *glxc = NULL;
1478 __GLXdrawable *pGlxDraw; 1561 __GLXdrawable *pGlxDraw;
1479 int error; 1562 int error;
1480 1563
1564 REQUEST_SIZE_MATCH(xGLXSwapBuffersReq);
1565
1566 tag = req->contextTag;
1567 drawId = req->drawable;
1481 if (tag) { 1568 if (tag) {
1482 glxc = __glXLookupContextByTag(cl, tag); 1569 glxc = __glXLookupContextByTag(cl, tag);
1483 if (!glxc) { 1570 if (!glxc) {
@@ -1558,15 +1645,21 @@ DoQueryContext(__GLXclientState *cl, GLXContextID gcId)
1558 1645
1559int __glXDisp_QueryContextInfoEXT(__GLXclientState *cl, GLbyte *pc) 1646int __glXDisp_QueryContextInfoEXT(__GLXclientState *cl, GLbyte *pc)
1560{ 1647{
1648 ClientPtr client = cl->client;
1561 xGLXQueryContextInfoEXTReq *req = (xGLXQueryContextInfoEXTReq *) pc; 1649 xGLXQueryContextInfoEXTReq *req = (xGLXQueryContextInfoEXTReq *) pc;
1562 1650
1651 REQUEST_SIZE_MATCH(xGLXQueryContextInfoEXTReq);
1652
1563 return DoQueryContext(cl, req->context); 1653 return DoQueryContext(cl, req->context);
1564} 1654}
1565 1655
1566int __glXDisp_QueryContext(__GLXclientState *cl, GLbyte *pc) 1656int __glXDisp_QueryContext(__GLXclientState *cl, GLbyte *pc)
1567{ 1657{
1658 ClientPtr client = cl->client;
1568 xGLXQueryContextReq *req = (xGLXQueryContextReq *) pc; 1659 xGLXQueryContextReq *req = (xGLXQueryContextReq *) pc;
1569 1660
1661 REQUEST_SIZE_MATCH(xGLXQueryContextReq);
1662
1570 return DoQueryContext(cl, req->context); 1663 return DoQueryContext(cl, req->context);
1571} 1664}
1572 1665
@@ -1580,6 +1673,8 @@ int __glXDisp_BindTexImageEXT(__GLXclientState *cl, GLbyte *pc)
1580 int buffer; 1673 int buffer;
1581 int error; 1674 int error;
1582 1675
1676 REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
1677
1583 pc += __GLX_VENDPRIV_HDR_SIZE; 1678 pc += __GLX_VENDPRIV_HDR_SIZE;
1584 1679
1585 drawId = *((CARD32 *) (pc)); 1680 drawId = *((CARD32 *) (pc));
@@ -1614,6 +1709,8 @@ int __glXDisp_ReleaseTexImageEXT(__GLXclientState *cl, GLbyte *pc)
1614 int buffer; 1709 int buffer;
1615 int error; 1710 int error;
1616 1711
1712 REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
1713
1617 pc += __GLX_VENDPRIV_HDR_SIZE; 1714 pc += __GLX_VENDPRIV_HDR_SIZE;
1618 1715
1619 drawId = *((CARD32 *) (pc)); 1716 drawId = *((CARD32 *) (pc));
@@ -1649,6 +1746,8 @@ int __glXDisp_CopySubBufferMESA(__GLXclientState *cl, GLbyte *pc)
1649 (void) client; 1746 (void) client;
1650 (void) req; 1747 (void) req;
1651 1748
1749 REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 20);
1750
1652 pc += __GLX_VENDPRIV_HDR_SIZE; 1751 pc += __GLX_VENDPRIV_HDR_SIZE;
1653 1752
1654 drawId = *((CARD32 *) (pc)); 1753 drawId = *((CARD32 *) (pc));
@@ -1737,16 +1836,22 @@ DoGetDrawableAttributes(__GLXclientState *cl, XID drawId)
1737 1836
1738int __glXDisp_GetDrawableAttributes(__GLXclientState *cl, GLbyte *pc) 1837int __glXDisp_GetDrawableAttributes(__GLXclientState *cl, GLbyte *pc)
1739{ 1838{
1839 ClientPtr client = cl->client;
1740 xGLXGetDrawableAttributesReq *req = (xGLXGetDrawableAttributesReq *)pc; 1840 xGLXGetDrawableAttributesReq *req = (xGLXGetDrawableAttributesReq *)pc;
1741 1841
1842 REQUEST_SIZE_MATCH(xGLXGetDrawableAttributesReq);
1843
1742 return DoGetDrawableAttributes(cl, req->drawable); 1844 return DoGetDrawableAttributes(cl, req->drawable);
1743} 1845}
1744 1846
1745int __glXDisp_GetDrawableAttributesSGIX(__GLXclientState *cl, GLbyte *pc) 1847int __glXDisp_GetDrawableAttributesSGIX(__GLXclientState *cl, GLbyte *pc)
1746{ 1848{
1849 ClientPtr client = cl->client;
1747 xGLXGetDrawableAttributesSGIXReq *req = 1850 xGLXGetDrawableAttributesSGIXReq *req =
1748 (xGLXGetDrawableAttributesSGIXReq *)pc; 1851 (xGLXGetDrawableAttributesSGIXReq *)pc;
1749 1852
1853 REQUEST_SIZE_MATCH(xGLXGetDrawableAttributesSGIXReq);
1854
1750 return DoGetDrawableAttributes(cl, req->drawable); 1855 return DoGetDrawableAttributes(cl, req->drawable);
1751} 1856}
1752 1857
@@ -1771,6 +1876,8 @@ int __glXDisp_Render(__GLXclientState *cl, GLbyte *pc)
1771 __GLXcontext *glxc; 1876 __GLXcontext *glxc;
1772 __GLX_DECLARE_SWAP_VARIABLES; 1877 __GLX_DECLARE_SWAP_VARIABLES;
1773 1878
1879 REQUEST_AT_LEAST_SIZE(xGLXRenderReq);
1880
1774 req = (xGLXRenderReq *) pc; 1881 req = (xGLXRenderReq *) pc;
1775 if (client->swapped) { 1882 if (client->swapped) {
1776 __GLX_SWAP_SHORT(&req->length); 1883 __GLX_SWAP_SHORT(&req->length);
@@ -1791,6 +1898,9 @@ int __glXDisp_Render(__GLXclientState *cl, GLbyte *pc)
1791 __GLXdispatchRenderProcPtr proc; 1898 __GLXdispatchRenderProcPtr proc;
1792 int err; 1899 int err;
1793 1900
1901 if (left < sizeof(__GLXrenderHeader))
1902 return BadLength;
1903
1794 /* 1904 /*
1795 ** Verify that the header length and the overall length agree. 1905 ** Verify that the header length and the overall length agree.
1796 ** Also, each command must be word aligned. 1906 ** Also, each command must be word aligned.
@@ -2069,10 +2179,12 @@ int __glXDisp_RenderLarge(__GLXclientState *cl, GLbyte *pc)
2069 2179
2070int __glXDisp_VendorPrivate(__GLXclientState *cl, GLbyte *pc) 2180int __glXDisp_VendorPrivate(__GLXclientState *cl, GLbyte *pc)
2071{ 2181{
2182 ClientPtr client = cl->client;
2072 xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc; 2183 xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc;
2073 GLint vendorcode = req->vendorCode; 2184 GLint vendorcode = req->vendorCode;
2074 __GLXdispatchVendorPrivProcPtr proc; 2185 __GLXdispatchVendorPrivProcPtr proc;
2075 2186
2187 REQUEST_AT_LEAST_SIZE(xGLXVendorPrivateReq);
2076 2188
2077 proc = (__GLXdispatchVendorPrivProcPtr) 2189 proc = (__GLXdispatchVendorPrivProcPtr)
2078 __glXGetProtocolDecodeFunction(& VendorPriv_dispatch_info, 2190 __glXGetProtocolDecodeFunction(& VendorPriv_dispatch_info,
@@ -2088,10 +2200,12 @@ int __glXDisp_VendorPrivate(__GLXclientState *cl, GLbyte *pc)
2088 2200
2089int __glXDisp_VendorPrivateWithReply(__GLXclientState *cl, GLbyte *pc) 2201int __glXDisp_VendorPrivateWithReply(__GLXclientState *cl, GLbyte *pc)
2090{ 2202{
2203 ClientPtr client = cl->client;
2091 xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc; 2204 xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc;
2092 GLint vendorcode = req->vendorCode; 2205 GLint vendorcode = req->vendorCode;
2093 __GLXdispatchVendorPrivProcPtr proc; 2206 __GLXdispatchVendorPrivProcPtr proc;
2094 2207
2208 REQUEST_AT_LEAST_SIZE(xGLXVendorPrivateReq);
2095 2209
2096 proc = (__GLXdispatchVendorPrivProcPtr) 2210 proc = (__GLXdispatchVendorPrivProcPtr)
2097 __glXGetProtocolDecodeFunction(& VendorPriv_dispatch_info, 2211 __glXGetProtocolDecodeFunction(& VendorPriv_dispatch_info,
@@ -2114,6 +2228,8 @@ int __glXDisp_QueryExtensionsString(__GLXclientState *cl, GLbyte *pc)
2114 char *buf; 2228 char *buf;
2115 int err; 2229 int err;
2116 2230
2231 REQUEST_SIZE_MATCH(xGLXQueryExtensionsStringReq);
2232
2117 if (!validGlxScreen(client, req->screen, &pGlxScreen, &err)) 2233 if (!validGlxScreen(client, req->screen, &pGlxScreen, &err))
2118 return err; 2234 return err;
2119 2235
@@ -2153,6 +2269,8 @@ int __glXDisp_QueryServerString(__GLXclientState *cl, GLbyte *pc)
2153 int err; 2269 int err;
2154 char ver_str[16]; 2270 char ver_str[16];
2155 2271
2272 REQUEST_SIZE_MATCH(xGLXQueryServerStringReq);
2273
2156 if (!validGlxScreen(client, req->screen, &pGlxScreen, &err)) 2274 if (!validGlxScreen(client, req->screen, &pGlxScreen, &err))
2157 return err; 2275 return err;
2158 2276
@@ -2200,13 +2318,19 @@ int __glXDisp_QueryServerString(__GLXclientState *cl, GLbyte *pc)
2200 2318
2201int __glXDisp_ClientInfo(__GLXclientState *cl, GLbyte *pc) 2319int __glXDisp_ClientInfo(__GLXclientState *cl, GLbyte *pc)
2202{ 2320{
2321 ClientPtr client = cl->client;
2203 xGLXClientInfoReq *req = (xGLXClientInfoReq *) pc; 2322 xGLXClientInfoReq *req = (xGLXClientInfoReq *) pc;
2204 const char *buf; 2323 const char *buf;
2205 2324
2325 REQUEST_AT_LEAST_SIZE(xGLXClientInfoReq);
2326
2327 buf = (const char *)(req+1);
2328 if (!memchr(buf, 0, (client->req_len << 2) - sizeof(xGLXClientInfoReq)))
2329 return BadLength;
2330
2206 cl->GLClientmajorVersion = req->major; 2331 cl->GLClientmajorVersion = req->major;
2207 cl->GLClientminorVersion = req->minor; 2332 cl->GLClientminorVersion = req->minor;
2208 free(cl->GLClientextensions); 2333 free(cl->GLClientextensions);
2209 buf = (const char *)(req+1);
2210 cl->GLClientextensions = strdup(buf); 2334 cl->GLClientextensions = strdup(buf);
2211 2335
2212 return Success; 2336 return Success;
diff --git a/glx/xfont.c b/glx/xfont.c
index 99437842e..84a301f9b 100644
--- a/glx/xfont.c
+++ b/glx/xfont.c
@@ -154,6 +154,8 @@ int __glXDisp_UseXFont(__GLXclientState *cl, GLbyte *pc)
154 __GLXcontext *cx; 154 __GLXcontext *cx;
155 int error; 155 int error;
156 156
157 REQUEST_SIZE_MATCH(xGLXUseXFontReq);
158
157 req = (xGLXUseXFontReq *) pc; 159 req = (xGLXUseXFontReq *) pc;
158 cx = __glXForceCurrent(cl, req->contextTag, &error); 160 cx = __glXForceCurrent(cl, req->contextTag, &error);
159 if (!cx) { 161 if (!cx) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 21:01:57 +0000