Attachment 105885 Details for Bug 157421 – 1.0.2-dbe-render.diff

[patch] 1.0.2-dbe-render.diff

1.0.2-dbe-render.diff (text/plain), 5.11 KB, created by Joshua Baergen (RETIRED) on 2007-01-07 17:21:13 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Joshua Baergen (RETIRED)

Created: 2007-01-07 17:21:13 UTC

Size: 5.11 KB

patch

obsolete

>--- dbe/dbe.c.old	2007-01-07 09:56:29.000000000 -0700
>+++ dbe/dbe.c	2007-01-07 10:00:13.000000000 -0700
>@@ -41,6 +41,12 @@
> #include <dix-config.h>
> #endif
> 
>+#if HAVE_STDINT_T
>+#include <stdint.h>
>+#elif !defined(UINT32_MAX)
>+#define UINT32_MAX 0xffffffffU
>+#endif
>+
> #include <X11/X.h>
> #include <X11/Xproto.h>
> #include "scrnintstr.h"
>@@ -733,11 +739,14 @@ ProcDbeSwapBuffers(client)
>         return(Success);
>     }
> 
>+    if (nStuff > UINT32_MAX / sizeof(DbeSwapInfoRec))
>+	    return BadAlloc;
>+
>     /* Get to the swap info appended to the end of the request. */
>     dbeSwapInfo = (xDbeSwapInfo *)&stuff[1];
> 
>     /* Allocate array to record swap information. */ 
>-    swapInfo = (DbeSwapInfoPtr)ALLOCATE_LOCAL(nStuff * sizeof(DbeSwapInfoRec));
>+    swapInfo = (DbeSwapInfoPtr)Xalloc(nStuff * sizeof(DbeSwapInfoRec));
>     if (swapInfo == NULL)
>     {
>         return(BadAlloc);
>@@ -752,14 +761,14 @@ ProcDbeSwapBuffers(client)
>         if (!(pWin = SecurityLookupWindow(dbeSwapInfo[i].window, client,
> 					  SecurityWriteAccess)))
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
> 	    return(BadWindow);
>         }
> 
>         /* Each window must be double-buffered - BadMatch. */
>         if (DBE_WINDOW_PRIV(pWin) == NULL)
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
>             return(BadMatch);
>         }
> 
>@@ -768,7 +777,7 @@ ProcDbeSwapBuffers(client)
>         {
>             if (dbeSwapInfo[i].window == dbeSwapInfo[j].window)
>             {
>-                DEALLOCATE_LOCAL(swapInfo);
>+                Xfree(swapInfo);
>                 return(BadMatch);
> 	    }
>         }
>@@ -779,7 +788,7 @@ ProcDbeSwapBuffers(client)
>             (dbeSwapInfo[i].swapAction != XdbeUntouched ) &&
>             (dbeSwapInfo[i].swapAction != XdbeCopied    ))
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
>             return(BadValue);
>         }
> 
>@@ -809,12 +818,12 @@ ProcDbeSwapBuffers(client)
>         error = (*pDbeScreenPriv->SwapBuffers)(client, &nStuff, swapInfo);
>         if (error != Success)
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
>             return(error);
>         }
>     }
>     
>-    DEALLOCATE_LOCAL(swapInfo);
>+    Xfree(swapInfo);
>     return(Success);
> 
> } /* ProcDbeSwapBuffers() */
>@@ -898,10 +907,12 @@ ProcDbeGetVisualInfo(client)
> 
>     REQUEST_AT_LEAST_SIZE(xDbeGetVisualInfoReq);
> 
>+    if (stuff->n > UINT32_MAX / sizeof(DrawablePtr))
>+	    return BadAlloc;
>     /* Make sure any specified drawables are valid. */
>     if (stuff->n != 0)
>     {
>-        if (!(pDrawables = (DrawablePtr *)ALLOCATE_LOCAL(stuff->n *
>+        if (!(pDrawables = (DrawablePtr *)Xalloc(stuff->n *
>                                                  sizeof(DrawablePtr))))
>         {
>             return(BadAlloc);
>@@ -914,7 +925,7 @@ ProcDbeGetVisualInfo(client)
>             if (!(pDrawables[i] = (DrawablePtr)SecurityLookupDrawable(
> 				drawables[i], client, SecurityReadAccess)))
>             {
>-                DEALLOCATE_LOCAL(pDrawables);
>+                Xfree(pDrawables);
>                 return(BadDrawable);
>             }
>         }
>@@ -926,7 +937,7 @@ ProcDbeGetVisualInfo(client)
>     {
>         if (pDrawables)
>         {
>-            DEALLOCATE_LOCAL(pDrawables);
>+            Xfree(pDrawables);
>         }
> 
>         return(BadAlloc);
>@@ -953,7 +964,7 @@ ProcDbeGetVisualInfo(client)
>             /* Free pDrawables if we needed to allocate it above. */
>             if (pDrawables)
>             {
>-                DEALLOCATE_LOCAL(pDrawables);
>+                Xfree(pDrawables);
>             }
> 
>             return(BadAlloc);
>@@ -1034,7 +1045,7 @@ ProcDbeGetVisualInfo(client)
> 
>     if (pDrawables)
>     {
>-        DEALLOCATE_LOCAL(pDrawables);
>+        Xfree(pDrawables);
>     }
> 
>     return(client->noClientException);
>--- render/render.c.old	2007-01-07 09:56:46.000000000 -0700
>+++ render/render.c	2007-01-07 09:58:10.000000000 -0700
>@@ -52,6 +52,12 @@
> #include "xf86_ansic.h"
> #endif
> 
>+#if HAVE_STDINT_H
>+#include <stdint.h>
>+#elif !defined(UINT32_MAX)
>+#define UINT32_MAX 0xffffffffU
>+#endif
>+
> static int ProcRenderQueryVersion (ClientPtr pClient);
> static int ProcRenderQueryPictFormats (ClientPtr pClient);
> static int ProcRenderQueryPictIndexValues (ClientPtr pClient);
>@@ -1108,11 +1114,14 @@ ProcRenderAddGlyphs (ClientPtr client)
>     }
> 
>     nglyphs = stuff->nglyphs;
>+    if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec))
>+	    return BadAlloc;
>+
>     if (nglyphs <= NLOCALGLYPH)
> 	glyphsBase = glyphsLocal;
>     else
>     {
>-	glyphsBase = (GlyphNewPtr) ALLOCATE_LOCAL (nglyphs * sizeof (GlyphNewRec));
>+	glyphsBase = (GlyphNewPtr) Xalloc (nglyphs * sizeof (GlyphNewRec));
> 	if (!glyphsBase)
> 	    return BadAlloc;
>     }
>@@ -1169,7 +1178,7 @@ ProcRenderAddGlyphs (ClientPtr client)
>     }
> 
>     if (glyphsBase != glyphsLocal)
>-	DEALLOCATE_LOCAL (glyphsBase);
>+	Xfree (glyphsBase);
>     return client->noClientException;
> bail:
>     while (glyphs != glyphsBase)
>@@ -1178,7 +1187,7 @@ bail:
> 	xfree (glyphs->glyph);
>     }
>     if (glyphsBase != glyphsLocal)
>-	DEALLOCATE_LOCAL (glyphsBase);
>+	Xfree (glyphsBase);
>     return err;
> }
>

Actions: View | Diff

Attachments on bug 157421: 105779 | 105781 | 105783 | 105785 | 105885 | 105887 | 105889 | 105891