diff options
author | kyak | 2015-07-18 11:40:35 +0300 |
---|---|---|
committer | kyak | 2015-07-18 11:40:35 +0300 |
commit | 9f51894d036c3fe814a673f979727f3f44de3fae (patch) | |
tree | 4f7b669accf5eb14563ef68a7c8c92303b1decb2 | |
parent | d43f2ce93ee6b07e5e15f60faaff709522c99076 (diff) | |
download | aur-9f51894d036c3fe814a673f979727f3f44de3fae.tar.gz |
upgpkg: xorg-server 1.17.2-4
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch | 63 | ||||
-rw-r--r-- | PKGBUILD | 5 |
3 files changed, 70 insertions, 2 deletions
@@ -1,6 +1,6 @@ pkgbase = xorg-server-bug865 pkgver = 1.17.2 - pkgrel = 3 + pkgrel = 4 url = http://xorg.freedesktop.org arch = i686 arch = x86_64 @@ -61,6 +61,7 @@ pkgbase = xorg-server-bug865 source = 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch source = 0001-systemd-logind-do-not-rely-on-directed-signals.patch source = 0001-glamor-make-current-in-prepare-paths.patch + source = 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch source = freedesktop-bug-865.patch sha256sums = f61120612728f2c5034671d0ca3e2273438c60aba93b3dda4a8aa40e6a257993 sha256sums = SKIP @@ -71,6 +72,7 @@ pkgbase = xorg-server-bug865 sha256sums = 416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96 sha256sums = 3d7edab3a54d647e7d924b29d29f91b50212f308fcb1853a5aacd3181f58276c sha256sums = 793579adbef979088cadc0fd9ce0c24df0455a6936d3de7a9356df537b7d9a81 + sha256sums = efc05c06af2bfdf588ef7a60b44c1d180fb353b1bffdfdf96415d63690b6e394 sha256sums = ad64fd593cd4cdfdd830c4295ebe1acd4259e45cfc12a258a162ecdbb11fd7ca pkgname = xorg-server-bug865 diff --git a/0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch b/0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch new file mode 100644 index 000000000000..b3a7d2ed5e00 --- /dev/null +++ b/0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch @@ -0,0 +1,63 @@ +From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001 +From: Martin Peres <martin.peres@linux.intel.com> +Date: Fri, 17 Jul 2015 17:21:26 +0300 +Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized + before use + +In WaitForSomething(), the fd_set clientsWritable may be used unitialized when +the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to +a crash in FlushAllOutput() after x11proto's commit +2c94cdb453bc641246cc8b9a876da9799bee1ce7. + +The problem did not manifest before because both the XFD_SIZE and the maximum +number of clients were set to 256. As the connectionTranslation table was +initalized for the 256 clients to 0, the test on the index not being 0 was +aborting before dereferencing the client #0. + +As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE +got bumped to 512. This lead the OutputPending fd_set to have any fd above 256 +to be uninitialized which in turns lead to reading an index after the end of +the ConnectionTranslation table. This index would then be used to find the +client corresponding to the fd marked as pending writes and would also result +to an out-of-bound access which would usually be the fatal one. + +Fix this by zeroing the clientsWritable fd_set at the beginning of +WaitForSomething(). In this case, the bottom part of the loop, which would +indirectly call FlushAllOutput, will not do any work but the next call to +select will result in the execution of the right codepath. This is exactly what +we want because we need to know the writable clients before handling them. In +the end, it also makes sure that the fds above MaxClient are initialized, +preventing the crash in FlushAllOutput(). + +Thanks to everyone involved in tracking this one down! + +Reported-by: Karol Herbst <freedesktop@karolherbst.de> +Reported-by: Tobias Klausmann <tobias.klausmann@mni.thm.de> +Signed-off-by: Martin Peres <martin.peres@linux.intel.com> +Tested-by: Martin Peres <martin.peres@linux.intel.com> +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316 +Cc: Ilia Mirkin <imirkin@alum.mit.edu> +Cc: Martin Peres <martin.peres@linux.intel.com> +Cc: Olivier Fourdan <ofourdan@redhat.com +Cc: Adam Jackson <ajax@redhat.com> +Cc: Alan Coopersmith <alan.coopersmith@oracle.com +Cc: Chris Wilson <chris@chris-wilson.co.uk> +--- + os/WaitFor.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/os/WaitFor.c b/os/WaitFor.c +index 431f1a6..993c14e 100644 +--- a/os/WaitFor.c ++++ b/os/WaitFor.c +@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady) + Bool someReady = FALSE; + + FD_ZERO(&clientsReadable); ++ FD_ZERO(&clientsWritable); + + if (nready) + SmartScheduleStopTimer(); +-- +2.4.5 + @@ -5,7 +5,7 @@ pkgbase=xorg-server-bug865 pkgname=xorg-server-bug865 pkgver=1.17.2 -pkgrel=3 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild +pkgrel=4 # build first with 0.1 and then rebuild it after xf86-input-evdev rebuild arch=('i686' 'x86_64') license=('custom') url="http://xorg.freedesktop.org" @@ -24,6 +24,7 @@ source=(${url}/releases/individual/xserver/xorg-server-${pkgver}.tar.bz2{,.sig} 0002-dix-hook-up-the-unaccelerated-valuator-masks.patch 0001-systemd-logind-do-not-rely-on-directed-signals.patch 0001-glamor-make-current-in-prepare-paths.patch + 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch freedesktop-bug-865.patch) validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C' 'C383B778255613DFDB409D91DB221A6900000011' @@ -37,6 +38,7 @@ sha256sums=('f61120612728f2c5034671d0ca3e2273438c60aba93b3dda4a8aa40e6a257993' '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96' '3d7edab3a54d647e7d924b29d29f91b50212f308fcb1853a5aacd3181f58276c' '793579adbef979088cadc0fd9ce0c24df0455a6936d3de7a9356df537b7d9a81' + 'efc05c06af2bfdf588ef7a60b44c1d180fb353b1bffdfdf96415d63690b6e394' 'ad64fd593cd4cdfdd830c4295ebe1acd4259e45cfc12a258a162ecdbb11fd7ca') prepare() { @@ -50,6 +52,7 @@ prepare() { # fix FS#45009, merged upstream patch -Np1 -i ../0001-glamor-make-current-in-prepare-paths.patch + patch -Np1 -i ../0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch # The patch for freedesktop bug 865 patch -Np1 -i "${srcdir}/freedesktop-bug-865.patch" |