summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2023-09-18XRRGetMonitors(): free correct pointer in error pathAlan Coopersmith1-1/+1
If we are dumping an invalid response from the server, make sure to free the pointer returned by malloc, not our pointer to somewhere later in that buffer. Fixes: a0df3e1 ("Avoid out of boundary accesses on illegal responses") Reported-by: Gregory James DUCK <gjduck@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2022-10-17Remove unnecessary casts of return values from malloc()Alan Coopersmith7-10/+10
Not needed in C89 and later Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2022-10-17Variable scope reductions as recommended by cppcheckAlan Coopersmith7-52/+41
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2022-10-17XRRGetProviderInfo: Remove unneeded ProviderInfoExtraAlan Coopersmith1-9/+5
It was always 0, hence caused gcc warnings: XrrProvider.c: In function ‘XRRGetProviderInfo’: XrrProvider.c:133:49: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2) ^ XrrProvider.c:135:17: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if (rep.length < ProviderInfoExtra >> 2) ^ XrrProvider.c:135:5: warning: this condition has identical branches [-Wduplicated-branches] if (rep.length < ProviderInfoExtra >> 2) ^ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2022-07-17Fix spelling/wording issuesAlan Coopersmith1-2/+2
Found by using: codespell --builtin clear,rare,usage,informal,code,names Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2017-01-28Fix memory leak on error pathsTobias Stoeckmann1-0/+4
Introduced in commit a0df3e1c7728205e5c7650b2e6dce684139254a6 "Avoid out of boundary accesses on illegal responses" Signed-off-by: Julien Cristau <jcristau@debian.org>
2016-09-25Avoid out of boundary accesses on illegal responsesTobias Stoeckmann6-52/+172
The responses of the connected X server have to be properly checked to avoid out of boundary accesses that could otherwise be triggered by a malicious server. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
2016-08-15fix: redundant null check on calling free()walter harms1-4/+3
janitorial patch: remove some unneeded if() before free() Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-08-15fix: doGetScreenResources() info: redundant null check on calling free()walter harms1-2/+2
janitorial patch: remove some unneeded if() before free() Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2015-03-31Add monitors, update to version 1.5 (v2)libXrandr-1.5.0Keith Packard2-1/+202
v2: [airlied] xrandr was giving the outputs from 0 for each monitor instead of incrementing the pointer. add get_active support. Reviewed-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Keith Packard <keithp@keithp.com>
2015-03-31libXrandr: Clean up compiler warningsKeith Packard7-54/+54
This removes warnings about shadowing local variables with the same name, and type mismatches with _XRead32. Reviewed-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Keith Packard <keithp@keithp.com>
2013-11-22Remove fallback for _XEatDataWords, require libX11 1.6 for itMichael Joost1-14/+0
_XEatDataWords was orignally introduced with the May 2013 security patches, and in order to ease the process of delivering those, fallback versions of _XEatDataWords were included in the X extension library patches so they could be applied to older versions that didn't have libX11 1.6 yet. Now that we're past that hurdle, we can drop the fallbacks and just require libX11 1.6 for building new versions of the extension libraries. Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-05XRRUpdateConfiguration: Check if getting screen for root failsPauli Nieminen1-0/+3
XRRRootToScreen might return -1 if it fails to find screen for the root window. Following code uses screen number unconditionally to index the screen array. Signed-off-by: Pauli Nieminen <ext-pauli.nieminen@nokia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-05XRRGetProviderInfo returned bad associated_capability list in 64-bitAlan Coopersmith1-1/+10
Unlike most of the values returned by this function, which are arrays of XIDs (long int), associated_capability is defined as an array of unsigned int. _XRead32 reads 32-bit values from the wire protocol and writes them to the provided buffer as an array of long ints, even if that means expanding them from 32-bit to 64-bit. Doing that for associated_capability resulted in a garbage value between each actual value, and overflowing the provided buffer into the space for the provider name (which is written later and would overwrite the overflowed data). Created xhiv libXrandr/XRRGetProviderInfo test case to test & confirm. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Dave Airlie <airlied@redhat.com>
2013-05-04Make XRRGet*Property() always initialize returned valuesAlan Coopersmith2-2/+14
Avoids memory corruption and other errors when callers access them without checking to see if the calls returned an error value. Callers are still required to check for errors, this just reduces the damage when they don't. (Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-04integer overflow in XRRGetProviderProperty() [CVE-2013-1986 4/4]Alan Coopersmith1-8/+14
If the reported number of properties is too large, the calculations to allocate memory for them may overflow, leaving us returning less memory to the caller than implied by the value written to *nitems. (Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-04integer overflow in XRRGetOutputProperty() [CVE-2013-1986 3/4]Alan Coopersmith1-8/+14
If the reported number of properties is too large, the calculations to allocate memory for them may overflow, leaving us returning less memory to the caller than implied by the value written to *nitems. (Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-04integer overflow in XRRQueryProviderProperty() [CVE-2013-1986 2/4]Alan Coopersmith1-4/+9
Same problem as XRRQueryOutputProperty() that it was cloned from Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-04integer overflow in XRRQueryOutputProperty() [CVE-2013-1986 1/4]Alan Coopersmith1-4/+9
rep.length is a CARD32, while rbytes was a signed int, so rbytes = sizeof (XRRPropertyInfo) + rep.length * sizeof (long); could result in integer overflow, leading to an undersized malloc and reading data off the connection and writing it past the end of the allocated buffer. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-05-03Use _XEatDataWords to avoid overflow of rep.length bit shiftingAlan Coopersmith7-17/+28
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-01-18Replace deprecated Automake INCLUDES variable with AM_CPPFLAGSAlan Coopersmith1-1/+1
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html - Support for the long-deprecated INCLUDES variable will be removed altogether in Automake 1.14. The AM_CPPFLAGS variable should be used instead. This variable was deprecated in Automake releases prior to 1.10, which is the current minimum level required to build X. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2012-09-06Constify a couple string arguments that are just copied, not modifiedAlan Coopersmith2-2/+2
Fixes compiler warnings when building app/xrandr: xrandr.c: In function ‘crtc_set_transform’: xrandr.c:1459:9: warning: passing argument 4 of ‘XRRSetCrtcTransform’ discards qualifiers from pointer target type X11/extensions/Xrandr.h:419:1: note: expected ‘char *’ but argument is of type ‘const char *’ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
2012-07-19libXrandr: add support for provider objects.Dave Airlie4-2/+623
This adds the client side libXrandr support for randr 1.4, and provider objects. Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-02-29Fill in nameLen in XRROutputInfoDaniel Stone1-0/+1
Even though it probably makes more sense to just strlen() the name, for some reason there's a nameLen field in XRROutputInfo, so might as well actually fill it in. Signed-off-by: Daniel Stone <daniel@fooishbar.org> Reported-by: Leif Middelschulte <leif.middelschulte@gmail.com>
2011-09-16Strip trailing whitespaceAlan Coopersmith9-71/+71
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' git diff -w & git diff -b show no diffs from this change Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-07-08Purge macros NEED_EVENTS and NEED_REPLIESFernando Carrijo1-2/+0
Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br> Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-05-26Add parameter safety checkLeif Middelschulte1-1/+1
As mentioned in bugzilla ticket 28150. Calling '_XRRValidateCache' with 'improper' arguments results in a SEGV. This patch adds a parameter validation to the mentioned function. Signed-off-by: Leif Middelschulte <leif.middelschulte@gmail.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2010-02-16config: move CWARNFLAGS from configure.ac to Makefile.amGaetan Nadon1-1/+5
Compiler warning flags should be explicitly set in the makefile rather than being merged with other packages compiler flags. Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
2009-11-10GetCrtcGamma: Fix error handling.Adam Jackson1-6/+5
We didn't treat _XReply failure as fatal. Parsing an xError as a gamma ramp reply doesn't work that often. Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2009-11-10GetCrtcGammaSize: Return 0, not garbage, on failureAdam Jackson1-1/+1
Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2009-11-10SetScreenConfigAndRate: Document error handling betterAdam Jackson1-0/+1
Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2009-11-10GetOutputProperty: Return the error code, not BadRequestAdam Jackson1-1/+1
Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Jamey Sharp <jamey@minilop.net>
2009-01-30Send X_RRGetOutputPrimary when making an X_RRGetOutputPrimary requestKeith Packard1-1/+1
Using X_RRGetOutputProperty does not yield success here. Signed-off-by: Keith Packard <keithp@keithp.com>
2009-01-30Janitor: make distcheck, compiler warnings, .gitignorePaulo Cesar Pereira de Andrade9-39/+13
Warning corrections are either unused symbols or using an integer as a pointer (generated by sparse).
2008-12-23Fix thinkosJulien Cristau2-5/+2
* XRRExtensionInfo can be static * XRRExtensionName is not called XrandrExtensionName
2008-12-17Define _XRRHasRates internally.Adam Jackson1-0/+3
2008-12-17Be sure to return NULL when returning no properties.Adam Jackson1-1/+1
2008-12-17Use RRCheckExtension in function returning a value.Adam Jackson1-1/+1
2008-12-17Fix type of GetReq() argument.Adam Jackson1-1/+1
2008-12-17Use RRSimpleCheckExtension in functions returning voidAdam Jackson1-1/+1
2008-12-08Add [GS]etOutputPrimaryget-set-primaryAdam Jackson1-0/+62
2008-12-04Nuke config-timestamp for panning.Matthias Hopf1-2/+0
2008-12-04Panning supportMatthias Hopf1-0/+97
2008-12-01RRNotify subevents have 'window' at different offsets, the sequelJulien Cristau1-1/+3
f176b2bda103f6f38aabab8207f47a02cc797659 fixed XRRWireToEvent, but XRREventToWire had the same bug. Signed-off-by: Julien Cristau <jcristau@debian.org>
2008-12-01Merge branch 'transform-proposal' of git.freedesktop.org:/git/xorg/lib/libXrandrJulien Cristau3-9/+210
Conflicts: src/Xrandr.c
2008-11-28Set attr->pendingNparams in XRRGetCrtcTransform()transform-proposalJulien Cristau1-0/+1
2008-11-24Add GetScreenResourcesCurrentgsr-currentAdam Jackson1-3/+20
2008-09-12Set NparamsFilter in XRRGetCrtcTransform return value.Keith Packard1-0/+1
Leaving this uninitialized isn't very helpful, and can cause segfaults.
2008-08-13RRNotify subevents have 'window' at different offsets.Tomas Carnecky1-1/+3
2008-08-13Remove RCS tags.Adam Jackson2-5/+0