Attachment 105889 Details for Bug 157421 – 1.1.1-dbe-render.diff

[patch] 1.1.1-dbe-render.diff

1.1.1-dbe-render.diff (text/plain), 5.20 KB, created by Joshua Baergen (RETIRED) on 2007-01-07 17:22:28 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Joshua Baergen (RETIRED)

Created: 2007-01-07 17:22:28 UTC

Size: 5.20 KB

patch

obsolete

>diff --git a/dbe/dbe.c b/dbe/dbe.c
>index 5b43dd1..6a2ed6a 100644
>--- a/dbe/dbe.c
>+++ b/dbe/dbe.c
>@@ -39,6 +39,11 @@
> #endif
> 
> #include <string.h>
>+#if HAVE_STDINT_T
>+#include <stdint.h>
>+#elif !defined(UINT32_MAX)
>+#define UINT32_MAX 0xffffffffU
>+#endif
> 
> #include <X11/X.h>
> #include <X11/Xproto.h>
>@@ -713,11 +718,14 @@ ProcDbeSwapBuffers(ClientPtr client)
>         return(Success);
>     }
> 
>+    if (nStuff > UINT32_MAX / sizeof(DbeSwapInfoRec))
>+	    return BadAlloc;
>+
>     /* Get to the swap info appended to the end of the request. */
>     dbeSwapInfo = (xDbeSwapInfo *)&stuff[1];
> 
>     /* Allocate array to record swap information. */ 
>-    swapInfo = (DbeSwapInfoPtr)ALLOCATE_LOCAL(nStuff * sizeof(DbeSwapInfoRec));
>+    swapInfo = (DbeSwapInfoPtr)Xalloc(nStuff * sizeof(DbeSwapInfoRec));
>     if (swapInfo == NULL)
>     {
>         return(BadAlloc);
>@@ -732,14 +740,14 @@ ProcDbeSwapBuffers(ClientPtr client)
>         if (!(pWin = SecurityLookupWindow(dbeSwapInfo[i].window, client,
> 					  SecurityWriteAccess)))
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
> 	    return(BadWindow);
>         }
> 
>         /* Each window must be double-buffered - BadMatch. */
>         if (DBE_WINDOW_PRIV(pWin) == NULL)
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
>             return(BadMatch);
>         }
> 
>@@ -748,7 +756,7 @@ ProcDbeSwapBuffers(ClientPtr client)
>         {
>             if (dbeSwapInfo[i].window == dbeSwapInfo[j].window)
>             {
>-                DEALLOCATE_LOCAL(swapInfo);
>+                Xfree(swapInfo);
>                 return(BadMatch);
> 	    }
>         }
>@@ -759,7 +767,7 @@ ProcDbeSwapBuffers(ClientPtr client)
>             (dbeSwapInfo[i].swapAction != XdbeUntouched ) &&
>             (dbeSwapInfo[i].swapAction != XdbeCopied    ))
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
>             return(BadValue);
>         }
> 
>@@ -789,12 +797,12 @@ ProcDbeSwapBuffers(ClientPtr client)
>         error = (*pDbeScreenPriv->SwapBuffers)(client, &nStuff, swapInfo);
>         if (error != Success)
>         {
>-            DEALLOCATE_LOCAL(swapInfo);
>+            Xfree(swapInfo);
>             return(error);
>         }
>     }
>     
>-    DEALLOCATE_LOCAL(swapInfo);
>+    Xfree(swapInfo);
>     return(Success);
> 
> } /* ProcDbeSwapBuffers() */
>@@ -876,10 +884,12 @@ ProcDbeGetVisualInfo(ClientPtr client)
> 
>     REQUEST_AT_LEAST_SIZE(xDbeGetVisualInfoReq);
> 
>+    if (stuff->n > UINT32_MAX / sizeof(DrawablePtr))
>+	    return BadAlloc;
>     /* Make sure any specified drawables are valid. */
>     if (stuff->n != 0)
>     {
>-        if (!(pDrawables = (DrawablePtr *)ALLOCATE_LOCAL(stuff->n *
>+        if (!(pDrawables = (DrawablePtr *)Xalloc(stuff->n *
>                                                  sizeof(DrawablePtr))))
>         {
>             return(BadAlloc);
>@@ -892,7 +902,7 @@ ProcDbeGetVisualInfo(ClientPtr client)
>             if (!(pDrawables[i] = (DrawablePtr)SecurityLookupDrawable(
> 				drawables[i], client, SecurityReadAccess)))
>             {
>-                DEALLOCATE_LOCAL(pDrawables);
>+                Xfree(pDrawables);
>                 return(BadDrawable);
>             }
>         }
>@@ -904,7 +914,7 @@ ProcDbeGetVisualInfo(ClientPtr client)
>     {
>         if (pDrawables)
>         {
>-            DEALLOCATE_LOCAL(pDrawables);
>+            Xfree(pDrawables);
>         }
> 
>         return(BadAlloc);
>@@ -931,7 +941,7 @@ ProcDbeGetVisualInfo(ClientPtr client)
>             /* Free pDrawables if we needed to allocate it above. */
>             if (pDrawables)
>             {
>-                DEALLOCATE_LOCAL(pDrawables);
>+                Xfree(pDrawables);
>             }
> 
>             return(BadAlloc);
>@@ -1012,7 +1022,7 @@ ProcDbeGetVisualInfo(ClientPtr client)
> 
>     if (pDrawables)
>     {
>-        DEALLOCATE_LOCAL(pDrawables);
>+        Xfree(pDrawables);
>     }
> 
>     return(client->noClientException);
>diff --git a/render/render.c b/render/render.c
>index e4d8d6b..55f360a 100644
>--- a/render/render.c
>+++ b/render/render.c
>@@ -47,6 +47,12 @@
> #include <X11/Xfuncproto.h>
> #include "cursorstr.h"
> 
>+#if HAVE_STDINT_H
>+#include <stdint.h>
>+#elif !defined(UINT32_MAX)
>+#define UINT32_MAX 0xffffffffU
>+#endif
>+
> static int ProcRenderQueryVersion (ClientPtr pClient);
> static int ProcRenderQueryPictFormats (ClientPtr pClient);
> static int ProcRenderQueryPictIndexValues (ClientPtr pClient);
>@@ -1103,11 +1109,14 @@ ProcRenderAddGlyphs (ClientPtr client)
>     }
> 
>     nglyphs = stuff->nglyphs;
>+    if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec))
>+	    return BadAlloc;
>+
>     if (nglyphs <= NLOCALGLYPH)
> 	glyphsBase = glyphsLocal;
>     else
>     {
>-	glyphsBase = (GlyphNewPtr) ALLOCATE_LOCAL (nglyphs * sizeof (GlyphNewRec));
>+	glyphsBase = (GlyphNewPtr) Xalloc (nglyphs * sizeof (GlyphNewRec));
> 	if (!glyphsBase)
> 	    return BadAlloc;
>     }
>@@ -1164,7 +1173,7 @@ ProcRenderAddGlyphs (ClientPtr client)
>     }
> 
>     if (glyphsBase != glyphsLocal)
>-	DEALLOCATE_LOCAL (glyphsBase);
>+	Xfree (glyphsBase);
>     return client->noClientException;
> bail:
>     while (glyphs != glyphsBase)
>@@ -1173,7 +1182,7 @@ bail:
> 	xfree (glyphs->glyph);
>     }
>     if (glyphsBase != glyphsLocal)
>-	DEALLOCATE_LOCAL (glyphsBase);
>+	Xfree (glyphsBase);
>     return err;
> }
>

Actions: View | Diff

Attachments on bug 157421: 105779 | 105781 | 105783 | 105785 | 105885 | 105887 | 105889 | 105891