diff --git a/packages/x11/xserver/xorg-server/patches/156_exevents_copykeyclass_nullptrcheck.diff b/packages/x11/xserver/xorg-server/patches/156_exevents_copykeyclass_nullptrcheck.diff
new file mode 100644
index 0000000000..d16c2f0384
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/156_exevents_copykeyclass_nullptrcheck.diff
@@ -0,0 +1,22 @@
+diff -Naur xorg-server-1.6.99.902.orig/Xi/exevents.c xorg-server-1.6.99.902/Xi/exevents.c
+--- xorg-server-1.6.99.902.orig/Xi/exevents.c 2009-09-26 14:12:03.000000000 +0200
++++ xorg-server-1.6.99.902/Xi/exevents.c 2009-09-26 18:55:30.000000000 +0200
+@@ -195,11 +195,15 @@
+ static void
+ CopyKeyClass(DeviceIntPtr device, DeviceIntPtr master)
+ {
+- KeyClassPtr mk = master->key;
+- KeyClassPtr dk = device->key;
++ KeyClassPtr mk, dk;
+ int i;
+
+- if (device == master)
++ if (device == master || device == NULL || master == NULL)
++ return;
++
++ mk = master->key;
++ dk = device->key;
++ if (dk == NULL || mk == NULL)
+ return;
+
+ mk->sourceid = device->id;
diff --git a/packages/x11/xserver/xorg-server/patches/157_check_null_modes.diff b/packages/x11/xserver/xorg-server/patches/157_check_null_modes.diff
new file mode 100644
index 0000000000..7bdcb8b5da
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/157_check_null_modes.diff
@@ -0,0 +1,14 @@
+diff --git a/hw/xfree86/common/xf86VidMode.c b/hw/xfree86/common/xf86VidMode.c
+index d855bd1..2af8c00 100644
+--- a/hw/xfree86/common/xf86VidMode.c
++++ b/hw/xfree86/common/xf86VidMode.c
+@@ -226,6 +226,9 @@ VidModeGetFirstModeline(int scrnIndex, pointer *mode, int *dotClock)
+
+ pScrn = xf86Screens[scrnIndex];
+ pVidMode = VMPTR(pScrn->pScreen);
++ if (pScrn->modes == NULL)
++ return FALSE;
++
+ pVidMode->First = pScrn->modes;
+ pVidMode->Next = pVidMode->First->next;
+
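Review bot: The guards added to CopyKeyClass in 156_exevents_copykeyclass_nullptrcheck.diff return silently, so when either device has no key class the copy that starts at `mk->sourceid = device->id;` is skipped and nothing in the log says so. Patch 169 in the same series reports the equivalent condition through ErrorF; a diagnostic here, or at least a comment such as `/* device or master has no key class: nothing to copy */`, would keep the underlying inconsistency visible instead of only hiding the crash. The patch file also carries no header naming the crash or bug it addresses, unlike 166, 169 and 172. CopyKeyClass continues past the end of the hunk.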
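Review bot: When `pScrn->modes` is NULL, the early return added to VidModeGetFirstModeline in 157_check_null_modes.diff leaves `pVidMode->First` and `pVidMode->Next` holding whatever an earlier call stored, because the two assignments directly below the check are skipped. If any caller ignores the FALSE result and continues iterating (callers are not visible here), it would walk those stale pointers. I would document the contract at the check, e.g. `/* no mode list: First/Next are left untouched, callers must stop on FALSE */`, and add a patch header naming the bug this fixes. The function begins and ends outside the hunk.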
diff --git a/packages/x11/xserver/xorg-server/patches/162_null_crtc_in_rotation.diff b/packages/x11/xserver/xorg-server/patches/162_null_crtc_in_rotation.diff
new file mode 100644
index 0000000000..2e4a9450d8
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/162_null_crtc_in_rotation.diff
@@ -0,0 +1,13 @@
+diff -Nurp patched/hw/xfree86/modes/xf86RandR12.c working/hw/xfree86/modes/xf86RandR12.c
+--- patched/hw/xfree86/modes/xf86RandR12.c 2009-03-02 22:57:18.000000000 -0800
++++ working/hw/xfree86/modes/xf86RandR12.c 2009-03-02 22:57:24.000000000 -0800
+@@ -944,7 +944,8 @@ xf86RandR12SetRotations (ScreenPtr pScre
+ for (c = 0; c < config->num_crtc; c++) {
+ xf86CrtcPtr crtc = config->crtc[c];
+
+- RRCrtcSetRotations (crtc->randr_crtc, rotations);
++ if (crtc != NULL)
++ RRCrtcSetRotations (crtc->randr_crtc, rotations);
+ }
+ #endif
+ randrp->supported_rotations = rotations;
diff --git a/packages/x11/xserver/xorg-server/patches/166_nullptr_xinerama_keyrepeat.diff b/packages/x11/xserver/xorg-server/patches/166_nullptr_xinerama_keyrepeat.diff
new file mode 100644
index 0000000000..75dbf5d458
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/166_nullptr_xinerama_keyrepeat.diff
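Review bot: The guard added in xf86RandR12SetRotations tests `crtc` but still passes `crtc->randr_crtc` on unchecked; if that member can be unset at this point (not determinable from the hunk), the NULL dereference only moves one call down into RRCrtcSetRotations. `if (crtc != NULL && crtc->randr_crtc != NULL)` would cover both cases. A NULL slot below `config->num_crtc` also indicates an inconsistent CRTC table, so a one-line comment saying when that is expected would help whoever later looks for the root cause. The function starts and ends outside the hunk.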
@@ -0,0 +1,30 @@
+From f0ef98d8d54f5dfa3081b62ff672e0fe992b0a01 Mon Sep 17 00:00:00 2001
+From: Bryce Harrington
+Date: Wed, 18 Mar 2009 23:28:51 -0700
+Subject: [PATCH] Check for null pointer dereference to prevent crash
+ on non-primary Xinerama screens when key repeating.
+ (LP: #324465)
+
+Signed-off-by: Bryce Harrington
+---
+ mi/mipointer.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/mi/mipointer.c b/mi/mipointer.c
+index e37316e..fe5947f 100644
+--- a/mi/mipointer.c
++++ b/mi/mipointer.c
+@@ -306,6 +306,10 @@ miPointerWarpCursor (DeviceIntPtr pDev, ScreenPtr pScreen, int x, int y)
+ pPointer = MIPOINTER(pDev);
+ SetupScreen (pScreen);
+
++ /* Null pointer causes crash on keyrepeat with Xinerama LP: (#324465) */
++ if (pPointer == NULL)
++ return;
++
+ if (pPointer->pScreen != pScreen)
+ {
+ (*pScreenPriv->screenFuncs->NewEventScreen) (pDev, pScreen, TRUE);
+--
+1.6.0.4
+
diff --git a/packages/x11/xserver/xorg-server/patches/167_nullptr_xisbread.diff b/packages/x11/xserver/xorg-server/patches/167_nullptr_xisbread.diff
new file mode 100644
index 0000000000..38921dd4bf
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/167_nullptr_xisbread.diff
@@ -0,0 +1,13 @@
+diff -Nurp patched/hw/xfree86/common/xisb.c working/hw/xfree86/common/xisb.c
+--- patched/hw/xfree86/common/xisb.c 2009-02-02 21:53:58.000000000 +0100
++++ working/hw/xfree86/common/xisb.c 2009-02-02 21:55:09.000000000 +0100
+@@ -98,6 +98,9 @@ XisbRead (XISBuffer *b)
+ {
+ int ret;
+
++ if (b == NULL)
++ return -2;
++
+ if (b->current >= b->end)
+ {
+ if (b->block_duration >= 0)
diff --git a/packages/x11/xserver/xorg-server/patches/169_mipointer_nullptr_checks.diff b/packages/x11/xserver/xorg-server/patches/169_mipointer_nullptr_checks.diff
new file mode 100644
index 0000000000..6484fe0152
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/169_mipointer_nullptr_checks.diff
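Review bot: 166_nullptr_xinerama_keyrepeat.diff and 169_mipointer_nullptr_checks.diff both add a `pPointer == NULL` check to miPointerWarpCursor for the same bug (LP #324465), but against different context. Here `pPointer = MIPOINTER(pDev);` precedes `SetupScreen (pScreen);`, while in 169 the order is reversed, so at most one of the two can match a given source tree exactly. This patch would then either fail to apply or go in with fuzz and leave a duplicate check. It looks superseded by 169 and should be dropped from the series or refreshed against the same base.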
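Review bot: The bare `return -2;` added to XisbRead in 167_nullptr_xisbread.diff does not say what -2 means to callers, and the function's other return codes are outside the hunk. A comment at the check, e.g. `/* no buffer: report an error rather than dereference b */`, plus a line in the patch header naming the driver or bug that passes a NULL XISBuffer, would document the contract. Whether every caller treats -2 as a failure rather than as data cannot be confirmed from here and is worth verifying.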
@@ -0,0 +1,107 @@
+From 179cec1d2f919d8d8096d6030b0ad9b6285dfd4d Mon Sep 17 00:00:00 2001
+From: Bryce Harrington
+Date: Mon, 23 Mar 2009 14:25:18 -0700
+Subject: [PATCH] Check null pointers to not crash on keyrepeat with Xinerama LP: (#324465)
+
+With -nvidia, when using Xinerama, holding down a key in a text field
+on a non-primary screen can cause an X crash. This is caused because
+the MIPOINTER(pDev) can return a NULL pointer for a non-null pDev in
+some cases, and the mipointer.c code lacks checks for this condition.
+
+MIPOINTER() is a macro #defined locally to mipointer.c, which calls into
+dixLookupPrivate(), a routine which returns NULL in at least some
+circumstances - such as if the memory could not be xcalloc'd for
+whatever reason. Hopefully upstream can provide a better fix for this,
+but for now it seems reasonable to check the return values of this macro
+for NULL before usage, as a minimum.
+
+diff -Naur xorg-server-1.6.99.902.orig/mi/mipointer.c xorg-server-1.6.99.902/mi/mipointer.c
+--- xorg-server-1.6.99.902.orig/mi/mipointer.c 2009-09-26 14:12:02.000000000 +0200
++++ xorg-server-1.6.99.902/mi/mipointer.c 2009-09-26 19:02:00.000000000 +0200
+@@ -139,6 +139,10 @@
+ if (DevHasCursor(pDev))
+ {
+ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerCloseScreen: Invalid input device pointer\n");
++ return FALSE;
++ }
+
+ if (pScreen == pPointer->pScreen)
+ pPointer->pScreen = 0;
+@@ -191,6 +195,10 @@
+ return FALSE;
+
+ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerDisplayCursor: Invalid input device pointer\n");
++ return FALSE;
++ }
+
+ pPointer->pCursor = pCursor;
+ pPointer->pScreen = pScreen;
+@@ -204,6 +212,10 @@
+ miPointerPtr pPointer;
+
+ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerConstrainCursor: Invalid input device pointer\n");
++ return FALSE;
++ }
+
+ pPointer->limits = *pBox;
+ pPointer->confined = PointerConfinedToScreen(pDev);
+@@ -305,6 +317,10 @@
+
+ SetupScreen (pScreen);
+ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerWarpCursor: Invalid input device pointer\n");
++ return;
++ }
+
+ if (pPointer->pScreen != pScreen)
+ {
+@@ -436,13 +452,17 @@
+ ScreenPtr pScreen;
+ miPointerPtr pPointer;
+
+- pPointer = MIPOINTER(pDev);
+-
+ pScreen = screenInfo.screens[screen_no];
+ pScreenPriv = GetScreenPrivate (pScreen);
+ (*pScreenPriv->screenFuncs->NewEventScreen) (pDev, pScreen, FALSE);
+ NewCurrentScreen (pDev, pScreen, x, y);
+
++ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerSetScreen: Invalid input device pointer\n");
++ return;
++ }
++
+ pPointer->limits.x2 = pScreen->width;
+ pPointer->limits.y2 = pScreen->height;
+ }
+@@ -469,6 +489,10 @@
+ SetupScreen(pScreen);
+
+ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerMoved: Invalid input device pointer\n");
++ return;
++ }
+
+ /* Hack: We mustn't call into ->MoveCursor for anything but the
+ * VCP, as this may cause a non-HW rendered cursor to be rendered during
+@@ -498,6 +522,11 @@
+ miPointerPtr pPointer;
+
+ pPointer = MIPOINTER(pDev);
++ if (pPointer == NULL) {
++ ErrorF("miPointerSetPosition: Invalid input device pointer\n");
++ return;
++ }
++
+ pScreen = pPointer->pScreen;
+ if (!pScreen)
+ return; /* called before ready */
diff --git a/packages/x11/xserver/xorg-server/patches/172_cwgetbackingpicture_nullptr_check.diff b/packages/x11/xserver/xorg-server/patches/172_cwgetbackingpicture_nullptr_check.diff
new file mode 100644
index 0000000000..9a91113aea
--- /dev/null
+++ b/packages/x11/xserver/xorg-server/patches/172_cwgetbackingpicture_nullptr_check.diff
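Review bot: The check added to miPointerConstrainCursor in 169_mipointer_nullptr_checks.diff uses `return FALSE;`, whereas the checks in miPointerWarpCursor, miPointerSetScreen, miPointerMoved and miPointerSetPosition use a bare `return;`. The signature is outside the hunk, but if miPointerConstrainCursor returns void like those, this line should be `return;`. In miPointerCloseScreen the early `return FALSE;` sits inside the per-device block, so one device without a pointer private would abandon whatever screen teardown follows outside the hunk. miPointerMoved and miPointerSetPosition appear to be on the per-event path, so an unconditional ErrorF there can flood the server log once the condition occurs; a once-only message would keep the diagnostic without that cost.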
@@ -0,0 +1,39 @@
+From 7813adf66be31d8b0e8df21821e786e688f7fe78 Mon Sep 17 00:00:00 2001
+From: Bryce Harrington
+Date: Fri, 27 Mar 2009 19:01:32 -0700
+Subject: [PATCH] cwGetBackingPicture can segfault when minimizing/maximizing firefox with
+ a flash video playing. This appears to be a race condition in which the
+ backing picture's data is not always fully defined.
+
+Signed-off-by: Bryce Harrington
+---
+ miext/cw/cw_render.c | 13 +++++++++----
+ 1 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/miext/cw/cw_render.c b/miext/cw/cw_render.c
+index 6e0c727..fe8cba7 100644
+--- a/miext/cw/cw_render.c
++++ b/miext/cw/cw_render.c
+@@ -125,10 +125,15 @@ cwGetBackingPicture (PicturePtr pPicture, int *x_off, int *y_off)
+ WindowPtr pWindow = (WindowPtr) pDrawable;
+ PixmapPtr pPixmap = getCwPixmap (pWindow);
+
+- *x_off = pDrawable->x - pPixmap->screen_x;
+- *y_off = pDrawable->y - pPixmap->screen_y;
+-
+- return pPicturePrivate->pBackingPicture;
++ if (pDrawable && pPixmap) {
++ *x_off = pDrawable->x - pPixmap->screen_x;
++ *y_off = pDrawable->y - pPixmap->screen_y;
++
++ return pPicturePrivate->pBackingPicture;
++ } else {
++ *x_off = *y_off = 0;
++ return pPicture;
++ }
+ }
+ else
+ {
+--
+1.6.0.4
+
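Review bot: The `pDrawable` half of `if (pDrawable && pPixmap)` in cwGetBackingPicture comes too late to protect anything: the two context lines directly above already cast `pDrawable` to `pWindow` and hand it to `getCwPixmap`, which would fault first if it dereferences its argument. The effective guard is `pPixmap` alone, and `pPicturePrivate`, which the guarded branch dereferences, is not tested at all. Since the description attributes the crash to a race, the fallback deserves a comment at the `else`, e.g. `/* backing pixmap not set up: use the window picture with zero offsets */`, so the masked condition stays visible to whoever fixes the ordering. The enclosing condition and the rest of the function are outside the hunk.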