xorg-server:

- add some debian patches that do necessary null pointer check, avoiding many xorg segv
2025-07-24 11:16:51 +00:00 · 2009-09-28 14:32:03 +02:00 · 2009-09-28 14:32:03 +02:00 · 03e30a4a07
commit 03e30a4a07
parent a10e798e92
7 changed files with 238 additions and 0 deletions
--- a/packages/x11/xserver/xorg-server/patches/156_exevents_copykeyclass_nullptrcheck.diff
+++ b/packages/x11/xserver/xorg-server/patches/156_exevents_copykeyclass_nullptrcheck.diff
@ -0,0 +1,22 @@
+diff -Naur xorg-server-1.6.99.902.orig/Xi/exevents.c xorg-server-1.6.99.902/Xi/exevents.c
+--- xorg-server-1.6.99.902.orig/Xi/exevents.c	2009-09-26 14:12:03.000000000 +0200
+++ xorg-server-1.6.99.902/Xi/exevents.c	2009-09-26 18:55:30.000000000 +0200
+@@ -195,11 +195,15 @@
+ static void
+ CopyKeyClass(DeviceIntPtr device, DeviceIntPtr master)
+ {
+-    KeyClassPtr mk = master->key;
+-    KeyClassPtr dk = device->key;
+    KeyClassPtr mk, dk;
+     int i;
+ 
+-    if (device == master)
+    if (device == master || device == NULL || master == NULL)
+        return;
+
+    mk = master->key;
+    dk = device->key;
+    if (dk == NULL || mk == NULL)
+         return;
+ 
+     mk->sourceid = device->id;
--- a/packages/x11/xserver/xorg-server/patches/157_check_null_modes.diff
+++ b/packages/x11/xserver/xorg-server/patches/157_check_null_modes.diff
@ -0,0 +1,14 @@
+diff --git a/hw/xfree86/common/xf86VidMode.c b/hw/xfree86/common/xf86VidMode.c
+index d855bd1..2af8c00 100644
+--- a/hw/xfree86/common/xf86VidMode.c
+++ b/hw/xfree86/common/xf86VidMode.c
+@@ -226,6 +226,9 @@ VidModeGetFirstModeline(int scrnIndex, pointer *mode, int *dotClock)
+ 
+     pScrn = xf86Screens[scrnIndex];
+     pVidMode = VMPTR(pScrn->pScreen);
+    if (pScrn->modes == NULL)
+        return FALSE;
+
+     pVidMode->First = pScrn->modes;
+     pVidMode->Next =  pVidMode->First->next;
+ 
--- a/packages/x11/xserver/xorg-server/patches/162_null_crtc_in_rotation.diff
+++ b/packages/x11/xserver/xorg-server/patches/162_null_crtc_in_rotation.diff
@ -0,0 +1,13 @@
+diff -Nurp patched/hw/xfree86/modes/xf86RandR12.c working/hw/xfree86/modes/xf86RandR12.c
+--- patched/hw/xfree86/modes/xf86RandR12.c	2009-03-02 22:57:18.000000000 -0800
+++ working/hw/xfree86/modes/xf86RandR12.c	2009-03-02 22:57:24.000000000 -0800
+@@ -944,7 +944,8 @@ xf86RandR12SetRotations (ScreenPtr pScre
+     for (c = 0; c < config->num_crtc; c++) {
+ 	xf86CrtcPtr    crtc = config->crtc[c];
+ 
+-	RRCrtcSetRotations (crtc->randr_crtc, rotations);
+        if (crtc != NULL)
+            RRCrtcSetRotations (crtc->randr_crtc, rotations);
+     }
+ #endif
+     randrp->supported_rotations = rotations;
--- a/packages/x11/xserver/xorg-server/patches/166_nullptr_xinerama_keyrepeat.diff
+++ b/packages/x11/xserver/xorg-server/patches/166_nullptr_xinerama_keyrepeat.diff
@ -0,0 +1,30 @@
+From f0ef98d8d54f5dfa3081b62ff672e0fe992b0a01 Mon Sep 17 00:00:00 2001
+From: Bryce Harrington <bryce@bryceharrington.org>
+Date: Wed, 18 Mar 2009 23:28:51 -0700
+Subject: [PATCH] Check for null pointer dereference to prevent crash
+ on non-primary Xinerama screens when key repeating.
+ (LP: #324465)
+
+Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
+---
+ mi/mipointer.c |    4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/mi/mipointer.c b/mi/mipointer.c
+index e37316e..fe5947f 100644
+--- a/mi/mipointer.c
+++ b/mi/mipointer.c
+@@ -306,6 +306,10 @@ miPointerWarpCursor (DeviceIntPtr pDev, ScreenPtr pScreen, int x, int y)
+     pPointer = MIPOINTER(pDev);
+     SetupScreen (pScreen);
+ 
+    /* Null pointer causes crash on keyrepeat with Xinerama LP: (#324465) */
+    if (pPointer == NULL)
+        return;
+
+     if (pPointer->pScreen != pScreen)
+     {
+ 	(*pScreenPriv->screenFuncs->NewEventScreen) (pDev, pScreen, TRUE);
+-- 
+1.6.0.4
+
--- a/packages/x11/xserver/xorg-server/patches/167_nullptr_xisbread.diff
+++ b/packages/x11/xserver/xorg-server/patches/167_nullptr_xisbread.diff
@ -0,0 +1,13 @@
+diff -Nurp patched/hw/xfree86/common/xisb.c working/hw/xfree86/common/xisb.c
+--- patched/hw/xfree86/common/xisb.c	2009-02-02 21:53:58.000000000 +0100
+++ working/hw/xfree86/common/xisb.c	2009-02-02 21:55:09.000000000 +0100
+@@ -98,6 +98,9 @@ XisbRead (XISBuffer *b)
+ {
+ 	int ret;
+ 
+        if (b == NULL)
+            return -2;
+
+ 	if (b->current >= b->end)
+ 	{
+ 		if (b->block_duration >= 0)
--- a/packages/x11/xserver/xorg-server/patches/169_mipointer_nullptr_checks.diff
+++ b/packages/x11/xserver/xorg-server/patches/169_mipointer_nullptr_checks.diff
@ -0,0 +1,107 @@
+From 179cec1d2f919d8d8096d6030b0ad9b6285dfd4d Mon Sep 17 00:00:00 2001
+From: Bryce Harrington <bryce@bryceharrington.org>
+Date: Mon, 23 Mar 2009 14:25:18 -0700
+Subject: [PATCH] Check null pointers to not crash on keyrepeat with Xinerama LP: (#324465)
+
+With -nvidia, when using Xinerama, holding down a key in a text field
+on a non-primary screen can cause an X crash.  This is caused because
+the MIPOINTER(pDev) can return a NULL pointer for a non-null pDev in
+some cases, and the mipointer.c code lacks checks for this condition.
+
+MIPOINTER() is a macro #defined locally to mipointer.c, which calls into
+dixLookupPrivate(), a routine which returns NULL in at least some
+circumstances - such as if the memory could not be xcalloc'd for
+whatever reason.  Hopefully upstream can provide a better fix for this,
+but for now it seems reasonable to check the return values of this macro
+for NULL before usage, as a minimum.
+
+diff -Naur xorg-server-1.6.99.902.orig/mi/mipointer.c xorg-server-1.6.99.902/mi/mipointer.c
+--- xorg-server-1.6.99.902.orig/mi/mipointer.c	2009-09-26 14:12:02.000000000 +0200
+++ xorg-server-1.6.99.902/mi/mipointer.c	2009-09-26 19:02:00.000000000 +0200
+@@ -139,6 +139,10 @@
+         if (DevHasCursor(pDev))
+         {
+             pPointer = MIPOINTER(pDev);
+            if (pPointer == NULL) {
+                ErrorF("miPointerCloseScreen: Invalid input device pointer\n");
+                return FALSE;
+            }
+ 
+             if (pScreen == pPointer->pScreen)
+                 pPointer->pScreen = 0;
+@@ -191,6 +195,10 @@
+             return FALSE;
+ 
+     pPointer = MIPOINTER(pDev);
+    if (pPointer == NULL) {
+        ErrorF("miPointerDisplayCursor: Invalid input device pointer\n");
+        return FALSE;
+    }
+ 
+     pPointer->pCursor = pCursor;
+     pPointer->pScreen = pScreen;
+@@ -204,6 +212,10 @@
+     miPointerPtr pPointer;
+ 
+     pPointer = MIPOINTER(pDev);
+    if (pPointer == NULL) {
+        ErrorF("miPointerConstrainCursor: Invalid input device pointer\n");
+        return FALSE;
+    }
+ 
+     pPointer->limits = *pBox;
+     pPointer->confined = PointerConfinedToScreen(pDev);
+@@ -305,6 +317,10 @@
+ 
+     SetupScreen (pScreen);
+     pPointer = MIPOINTER(pDev);
+    if (pPointer == NULL) {
+        ErrorF("miPointerWarpCursor: Invalid input device pointer\n");
+        return;
+    }
+ 
+     if (pPointer->pScreen != pScreen)
+     {
+@@ -436,13 +452,17 @@
+ 	ScreenPtr pScreen;
+         miPointerPtr pPointer;
+ 
+-        pPointer = MIPOINTER(pDev);
+-
+ 	pScreen = screenInfo.screens[screen_no];
+ 	pScreenPriv = GetScreenPrivate (pScreen);
+ 	(*pScreenPriv->screenFuncs->NewEventScreen) (pDev, pScreen, FALSE);
+ 	NewCurrentScreen (pDev, pScreen, x, y);
+ 
+        pPointer = MIPOINTER(pDev);
+        if (pPointer == NULL) {
+            ErrorF("miPointerSetScreen: Invalid input device pointer\n");
+            return;
+        }
+
+         pPointer->limits.x2 = pScreen->width;
+         pPointer->limits.y2 = pScreen->height;
+ }
+@@ -469,6 +489,10 @@
+     SetupScreen(pScreen);
+ 
+     pPointer = MIPOINTER(pDev);
+    if (pPointer == NULL) {
+        ErrorF("miPointerMoved: Invalid input device pointer\n");
+        return;
+    }
+ 
+     /* Hack: We mustn't call into ->MoveCursor for anything but the
+      * VCP, as this may cause a non-HW rendered cursor to be rendered during
+@@ -498,6 +522,11 @@
+     miPointerPtr        pPointer; 
+ 
+     pPointer = MIPOINTER(pDev);
+    if (pPointer == NULL) {
+        ErrorF("miPointerSetPosition: Invalid input device pointer\n");
+        return;
+    }
+
+     pScreen = pPointer->pScreen;
+     if (!pScreen)
+ 	return;	    /* called before ready */
--- a/packages/x11/xserver/xorg-server/patches/172_cwgetbackingpicture_nullptr_check.diff
+++ b/packages/x11/xserver/xorg-server/patches/172_cwgetbackingpicture_nullptr_check.diff
@ -0,0 +1,39 @@
+From 7813adf66be31d8b0e8df21821e786e688f7fe78 Mon Sep 17 00:00:00 2001
+From: Bryce Harrington <bryce@bryceharrington.org>
+Date: Fri, 27 Mar 2009 19:01:32 -0700
+Subject: [PATCH] cwGetBackingPicture can segfault when minimizing/maximizing firefox with
+ a flash video playing.  This appears to be a race condition in which the
+ backing picture's data is not always fully defined.
+
+Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
+---
+ miext/cw/cw_render.c |   13 +++++++++----
+ 1 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/miext/cw/cw_render.c b/miext/cw/cw_render.c
+index 6e0c727..fe8cba7 100644
+--- a/miext/cw/cw_render.c
+++ b/miext/cw/cw_render.c
+@@ -125,10 +125,15 @@ cwGetBackingPicture (PicturePtr pPicture, int *x_off, int *y_off)
+ 	WindowPtr   pWindow = (WindowPtr) pDrawable;
+ 	PixmapPtr   pPixmap = getCwPixmap (pWindow);
+ 
+-	*x_off = pDrawable->x - pPixmap->screen_x;
+-	*y_off = pDrawable->y - pPixmap->screen_y;
+-
+-	return pPicturePrivate->pBackingPicture;
+        if (pDrawable && pPixmap) {
+            *x_off = pDrawable->x - pPixmap->screen_x;
+            *y_off = pDrawable->y - pPixmap->screen_y;
+
+            return pPicturePrivate->pBackingPicture;
+        } else {
+            *x_off = *y_off = 0;
+            return pPicture;
+        }
+     }
+     else
+     {
+-- 
+1.6.0.4
+