| Age | Commit message (Collapse) | Author |
|---|
|
Found by using:
codespell --builtin clear,rare,usage,informal,code,names
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
_XEatDataWords was orignally introduced with the May 2013 security
patches, and in order to ease the process of delivering those,
fallback versions of _XEatDataWords were included in the X extension
library patches so they could be applied to older versions that didn't
have libX11 1.6 yet. Now that we're past that hurdle, we can drop
the fallbacks and just require libX11 1.6 for building new versions
of the extension libraries.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.length is a CARD32 and should be bounds checked before left shifting
to come up with the size to allocate and read from the network, though
since both functions take the same size, there should be no way for the
buffer to be overflowed in this case.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
When reading the name strings for the mode off the network, we never
checked to make sure the length of the name strings didn't overflow
the size of the buffer we'd allocated based on the reported rep.length
for the total reply size.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.length is a CARD32 and needs to be bounds checked before bit shifting
and subtracting sz_xXDGAModeInfo to come up with the total size to allocate,
to avoid integer overflow or underflow leading to underallocation and
writing data from the network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
When reading the name strings for the modes off the network, we never
checked to make sure the length of the individual name strings didn't
overflow the size of the buffer we'd allocated based on the reported
rep.length for the total reply size.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
number is a CARD32 and needs to be bounds checked before multiplying by
sizeof(XDGAmode) to come up with the total size to allocate, to avoid
integer overflow leading to underallocation and writing data from the
network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Found-by: Tinderbox
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
https://trac.macports.org/ticket/33532
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br>
Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Compiler warning flags should be explicitly set in the makefile
rather than being merged with other packages compiler flags.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
f78f3ed3571ab0bd75753a7ab388120a383d894a removed xf86dga.h and instead
provided Xxf86dga.h. Let's use it!
Also, remove two superfluous includes, including it once per file is enough.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
The xf86dgaproto package (as of 2.0.99.2) now provides an include file
named xf86dga.h for compatibility. We now depend on that version.
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
In XF86DGAGetVideoLL(), we pass offset param as 'int' type, but
later we cast it to 'unsigned long' in calling MapPhysAddress().
This causes page table error on x86_64 system like below:
dga: Corrupted page table at address 2b9712b1b000
PGD 702a4067 PUD 6f830067 PMD 6f864067 PTE ffffffff80040027
Bad pagetable: 000f [1] SMP
CPU 0
Modules linked in: i915 drm dm_mirror dm_mod video button battery asus_acpi ac parport_pc parport nvram uhci_hcd ehci_hcd snd_hda_intel snd_hda_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss pcspkr snd_pcm i2c_i801 i2c_core e1000 snd_timer snd soundcore snd_page_alloc
Pid: 2509, comm: dga Not tainted 2.6.21-rc6 #2
RIP: 0033:[<0000003d119754a0>] [<0000003d119754a0>]
RSP: 002b:00007fff98f0d4c8 EFLAGS: 00010202
RAX: 0000000000008000 RBX: 0000000000000001 RCX: 00002b9712b1b000
RDX: 0000000000200000 RSI: 0000000000000071 RDI: 00002b9712b1b000
RBP: 0000000000000000 R08: 7171717171717171 R09: 0000000000000000
R10: 0000000000000000 R11: 0000003d119753e0 R12: 0000000000000000
R13: 00007fff98f0d730 R14: 0000000000503010 R15: 0000000000000000
FS: 00002b9712b19f60(0000) GS:ffffffff8060d000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00002b9712b1b000 CR3: 000000006ffdb000 CR4: 00000000000006e0
Process dga (pid: 2509, threadinfo ffff8100718de000, task ffff81006ffd67a0)
RIP [<0000003d119754a0>]
RSP <00007fff98f0d4c8>
This patch requires latest xf86dgaproto to build.
|
|
|
|
|
|
|
|
|
|
- Add file linking for Xxf86misc, Xxf86dga, and Xxf86vm.
- Check in build system for Xxf86misc, Xxf86dga, and Xxf86vm.
|
|
because CHAR_BIT is defined to __CHAR_BIT__ which is a compiler
intrinsic define. BugZilla #605: Fixing build on IA64 which is broken
due to the inclusion of the kernel header asm/page.h. Kernel headers
however don't work with
-ansi. The inclusion of asm/page.h can however savely be removed as it
there are plenty of other ways to determine the page size.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
