Age | Commit message (Collapse) | Author |
|
XvMC.c: In function ‘XvMCListSurfaceTypes’:
XvMC.c:124:19: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
for(i = 0; i < rep.num; i++) {
^
XvMC.c: In function ‘XvMCListSubpictureTypes’:
XvMC.c:185:26: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
for(i = 0; i < rep.num; i++) {
^
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If we store the result of shmget in a CARD32 (unsigned int), then
checking if it returned -1 for an error by using >= 0 doesn't work.
Also, once the request is flushed from the buffer (as XReply does),
there's no guarantee the values in it are still valid, so it's better
to rely on our local variable instead.
Fixes: https://gitlab.freedesktop.org/xorg/lib/libxvmc/issues/1
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If an empty string is received from an x-server, do not underrun the
buffer by accessing "rep.nameLen - 1" unconditionally, which could end
up being -1.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
_XEatDataWords was orignally introduced with the May 2013 security
patches, and in order to ease the process of delivering those,
fallback versions of _XEatDataWords were included in the X extension
library patches so they could be applied to older versions that didn't
have libX11 1.6 yet. Now that we're past that hurdle, we can drop
the fallbacks and just require libX11 1.6 for building new versions
of the extension libraries.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Al Viro pointed this out on lwn: if nameLen + busIDLen overflows, we end
up copying data from outside tmpBuf.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Al Viro pointed out that Debian started segfaulting in Xine for him,
Reported-by: Al Viro
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
The individual string sizes is assumed to not be more than the amount of
data read from the network, and could cause buffer overflow if they are.
The strings returned from the X server are assumed to be null terminated,
and could cause callers to read past the end of the buffer if they are not.
Also be sure to set the returned pointers to NULL, so callers don't try
accessing bad pointers on failure cases.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.length is a CARD32 and should be bounds checked before left-shifting
by 2 bits to come up with the total size to allocate, though in these
cases, no buffer overflow should occur here, since the XRead call is passed
the same rep.length << 2 length argument, but the *priv_count returned to
the caller could be interpreted or used to calculate a larger buffer size
than was actually allocated, leading them to go out of bounds.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.num is a CARD32 and needs to be bounds checked before multiplying by
sizeof(XvImageFormatValues) to come up with the total size to allocate,
to avoid integer overflow leading to underallocation and writing data from
the network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.num is a CARD32 and needs to be bounds checked before multiplying
by sizeof(XvMCSurfaceInfo) to come up with the total size to allocate,
to avoid integer overflow leading to underallocation and writing data from
the network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Which follows a uniform naming convention.
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
This prevents the use of per-target compiler flags.
Makefiles are simpler.
The -D flags for the wrapper are moved with pre-precessor flags.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br>
Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
This fixes compilation breakage after 9190399907610486001f3676945958dbab4b837a in videoproto
Found by tinderbox
Signed-off-by: Jeremy Huddleston <jeremyhu@freedesktop.org>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
|
|
|
This is done just to not generate compile warnings about functions without
prototype, but at some time the comment in XvMC.c should be addressed:
/******************************************************************
These are intended as a protocol interface to be used by direct
rendering libraries. They are not intended to be client viewable
functions. These will stay in place until we have a mechanism in
place similar to that of OpenGL with an libXvMCcore library.
*******************************************************************/
|
|
|
|
|
|
|
|
|
|
|
|
Include <config.h> to get HAS_SHM define.
|
|
|
|
|
|
|
|
before revision definitions for libXvMCW (Cedric Berger)
|
|
a global configure cache don't get confused.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
insufficient SHM detection in XvMC local test. Removed reference to
getpagesize() which caused linking problems on s390. Reported by Stefan
Dirsch <sndirsh@suse.de>
|
|
Added support for automatic loading of the correct hardware XvMC driver.
This involves a protocol extension of the XvMC protocol. The XvMC
revision number was bumped.
|
|
enables hardware mpeg2 decoding for the CLE266 chip using the
nonstandard VLD XvMC extension. Complete author information is
available at the unichrome site. Updated the XvMC wrapper to look for
version specific Xv and XvMC shared libraries.
|
|
specific XvMC libraries.
|
|
|
|
|
|
|
|
|