summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-04-13 09:32:12 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2013-04-13 10:06:26 -0700
commitca84a813716f9de691dc3f60390d83af4b5ae534 (patch)
treeaccc0871f9b97ddbaad77a39ddec4b5226469963
parent8eee1236041d46a21faba32e0d27c26985267d89 (diff)
Use _XEatDataWords to avoid overflow of rep.length bit shifting
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--COPYING3
-rw-r--r--configure.ac6
-rw-r--r--src/Makefile.am1
-rw-r--r--src/XEVI.c4
-rw-r--r--src/XMultibuf.c3
-rw-r--r--src/XSecurity.c3
-rw-r--r--src/XShape.c3
-rw-r--r--src/XSync.c3
-rw-r--r--src/Xcup.c7
-rw-r--r--src/eat.h40
10 files changed, 64 insertions, 9 deletions
diff --git a/COPYING b/COPYING
index 80622a0..e3a63ef 100644
--- a/COPYING
+++ b/COPYING
@@ -160,7 +160,8 @@ makes no representations about the suitability for any purpose
of the information in this document. This documentation is
provided ``as is'' without express or implied warranty.
-Copyright (c) 1999, 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 1999, 2005, 2006, 2013, Oracle and/or its affiliates.
+All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
diff --git a/configure.ac b/configure.ac
index 63775de..fb9888d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,6 +38,12 @@ AC_SUBST(XEXT_SOREV)
# Obtain compiler/linker options for depedencies
PKG_CHECK_MODULES(XEXT, [xproto >= 7.0.13] [x11 >= 1.1.99.1] [xextproto >= 7.1.99])
+# Check for _XEatDataWords function that may be patched into older Xlib releases
+SAVE_LIBS="$LIBS"
+LIBS="$XEXT_LIBS"
+AC_CHECK_FUNCS([_XEatDataWords])
+LIBS="$SAVE_LIBS"
+
# Allow checking code with lint, sparse, etc.
XORG_WITH_LINT
XORG_LINT_LIBRARY([Xext])
diff --git a/src/Makefile.am b/src/Makefile.am
index e236c33..b828547 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,6 +12,7 @@ libXext_la_LDFLAGS = -version-number $(XEXT_SOREV) -no-undefined
libXext_la_LIBADD = $(XEXT_LIBS)
libXext_la_SOURCES = \
+ eat.h \
DPMS.c \
MITMisc.c \
XAppgroup.c \
diff --git a/src/XEVI.c b/src/XEVI.c
index eb09daa..0125c51 100644
--- a/src/XEVI.c
+++ b/src/XEVI.c
@@ -30,6 +30,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/Xext.h>
#include <X11/extensions/extutil.h>
#include <X11/Xutil.h>
+#include "eat.h"
+
static XExtensionInfo *xevi_info;/* needs to move to globals.c */
static const char *xevi_extension_name = EVINAME;
#define XeviCheckExtension(dpy,i,val) \
@@ -171,7 +173,7 @@ Status XeviGetVisualInfo(
xInfoPtr = temp_xInfo = (xExtendedVisualInfo *)Xmalloc(sz_xInfo);
xConflictPtr = temp_conflict = (VisualID32 *)Xmalloc(sz_xConflict);
if (!*evi_return || !temp_xInfo || !temp_conflict) {
- _XEatData(dpy, (sz_xInfo + sz_xConflict + 3) & ~3);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
if (evi_return)
diff --git a/src/XMultibuf.c b/src/XMultibuf.c
index 7a746ba..43d56d3 100644
--- a/src/XMultibuf.c
+++ b/src/XMultibuf.c
@@ -34,6 +34,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/multibufproto.h>
#include <X11/extensions/multibuf.h>
+#include "eat.h"
static XExtensionInfo _multibuf_info_data;
static XExtensionInfo *multibuf_info = &_multibuf_info_data;
@@ -408,7 +409,7 @@ Status XmbufGetWindowAttributes (
attr->buffers = (Multibuffer *) Xmalloc((unsigned) nbytes);
nbytes = rep.length << 2;
if (! attr->buffers) {
- _XEatData(dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay(dpy);
SyncHandle();
return (0);
diff --git a/src/XSecurity.c b/src/XSecurity.c
index f8c7da1..ab17755 100644
--- a/src/XSecurity.c
+++ b/src/XSecurity.c
@@ -33,6 +33,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/securproto.h>
#include <X11/extensions/security.h>
+#include "eat.h"
static XExtensionInfo _Security_info_data;
static XExtensionInfo *Security_info = &_Security_info_data;
@@ -282,7 +283,7 @@ XSecurityGenerateAuthorization(
}
else
{
- _XEatData(dpy, (unsigned long) (rep.dataLength + 3) & ~3);
+ _XEatDataWords(dpy, rep.length);
}
UnlockDisplay (dpy);
diff --git a/src/XShape.c b/src/XShape.c
index 6e8fbae..3987876 100644
--- a/src/XShape.c
+++ b/src/XShape.c
@@ -35,6 +35,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/extutil.h>
#include <X11/extensions/shape.h>
#include <X11/extensions/shapeproto.h>
+#include "eat.h"
static XExtensionInfo _shape_info_data;
static XExtensionInfo *shape_info = &_shape_info_data;
@@ -468,7 +469,7 @@ XRectangle *XShapeGetRectangles (
Xfree (xrects);
if (rects)
Xfree (rects);
- _XEatData (dpy, *count * sizeof (xRectangle));
+ _XEatDataWords (dpy, rep.length);
rects = NULL;
*count = 0;
} else {
diff --git a/src/XSync.c b/src/XSync.c
index 5775293..3ca1308 100644
--- a/src/XSync.c
+++ b/src/XSync.c
@@ -59,6 +59,7 @@ PERFORMANCE OF THIS SOFTWARE.
#include <X11/extensions/extutil.h>
#include <X11/extensions/sync.h>
#include <X11/extensions/syncproto.h>
+#include "eat.h"
static XExtensionInfo _sync_info_data;
static XExtensionInfo *sync_info = &_sync_info_data;
@@ -364,7 +365,7 @@ XSyncListSystemCounters(Display *dpy, int *n_counters_return)
{
if (list) Xfree((char *) list);
if (pWireSysCounter) Xfree((char *) pWireSysCounter);
- _XEatData(dpy, (unsigned long) replylen);
+ _XEatDataWords(dpy, rep.length);
list = NULL;
goto bail;
}
diff --git a/src/Xcup.c b/src/Xcup.c
index bb9e90f..1f1d625 100644
--- a/src/Xcup.c
+++ b/src/Xcup.c
@@ -36,6 +36,7 @@ in this Software without prior written authorization from The Open Group.
#include <X11/extensions/cupproto.h>
#include <X11/extensions/Xext.h>
#include <X11/extensions/extutil.h>
+#include "eat.h"
static XExtensionInfo _xcup_info_data;
static XExtensionInfo *xcup_info = &_xcup_info_data;
@@ -144,7 +145,7 @@ XcupGetReservedColormapEntries(
rbufp = rbuf;
if (rbufp == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -221,7 +222,7 @@ XcupStoreColors(
nbytes = nentries * SIZEOF (xColorItem);
if (nentries != ncolors) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -233,7 +234,7 @@ XcupStoreColors(
rbufp = rbuf;
if (rbufp == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
+ _XEatDataWords(dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
diff --git a/src/eat.h b/src/eat.h
new file mode 100644
index 0000000..239532b
--- /dev/null
+++ b/src/eat.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE__XEATDATAWORDS
+#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */
+#include <limits.h>
+
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+ if (n >= (ULONG_MAX >> 2))
+ _XIOError(dpy);
+# endif
+ _XEatData (dpy, n << 2);
+}
+#endif