Update to xserver 1.11.2

author: Matthieu Herrb <matthieu@cvs.openbsd.org> 2011-11-05 13:32:59 +0000
committer: Matthieu Herrb <matthieu@cvs.openbsd.org> 2011-11-05 13:32:59 +0000
commit: bf781c5ff285301ad70ffc5f4321b8906f71edd8 (patch)
tree: 3b770f4bf9a8cd11dd9f14e7f758991a73a52d78 /xserver/glx/glxcmdsswap.c
parent: e59d0622d3162f7b5a7420ef87dbebb200348c37 (diff)
1 files changed, 161 insertions, 11 deletions
diff --git a/xserver/glx/glxcmdsswap.c b/xserver/glx/glxcmdsswap.c
index c414dc8e2..76e6fb629 100644
--- a/xserver/glx/glxcmdsswap.c
+++ b/xserver/glx/glxcmdsswap.c
@@ -37,7 +37,6 @@
 #include "glxutil.h"
 #include <GL/glxtokens.h>
 #include <unpack.h>
-#include "g_disptab.h"
 #include <pixmapstr.h>
 #include <windowstr.h>
 #include "glxext.h"
@@ -61,9 +60,12 @@
 
 int __glXDispSwap_CreateContext(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateContextReq *req = (xGLXCreateContextReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXCreateContextReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->context);
     __GLX_SWAP_INT(&req->visual);
@@ -75,9 +77,12 @@ int __glXDispSwap_CreateContext(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_CreateNewContext(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateNewContextReq *req = (xGLXCreateNewContextReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXCreateNewContextReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->context);
     __GLX_SWAP_INT(&req->fbconfig);
@@ -90,10 +95,13 @@ int __glXDispSwap_CreateNewContext(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_CreateContextWithConfigSGIX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateContextWithConfigSGIXReq *req =
 	(xGLXCreateContextWithConfigSGIXReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXCreateContextWithConfigSGIXReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->context);
     __GLX_SWAP_INT(&req->fbconfig);
@@ -106,9 +114,12 @@ int __glXDispSwap_CreateContextWithConfigSGIX(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_DestroyContext(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXDestroyContextReq *req = (xGLXDestroyContextReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXDestroyContextReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->context);
 
@@ -117,9 +128,12 @@ int __glXDispSwap_DestroyContext(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_MakeCurrent(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXMakeCurrentReq *req = (xGLXMakeCurrentReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXMakeCurrentReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->drawable);
     __GLX_SWAP_INT(&req->context);
@@ -130,9 +144,12 @@ int __glXDispSwap_MakeCurrent(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_MakeContextCurrent(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXMakeContextCurrentReq *req = (xGLXMakeContextCurrentReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXMakeContextCurrentReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->drawable);
     __GLX_SWAP_INT(&req->readdrawable);
@@ -144,9 +161,12 @@ int __glXDispSwap_MakeContextCurrent(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_MakeCurrentReadSGI(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXMakeCurrentReadSGIReq *req = (xGLXMakeCurrentReadSGIReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXMakeCurrentReadSGIReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->drawable);
     __GLX_SWAP_INT(&req->readable);
@@ -158,9 +178,12 @@ int __glXDispSwap_MakeCurrentReadSGI(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_IsDirect(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXIsDirectReq *req = (xGLXIsDirectReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXIsDirectReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->context);
 
@@ -169,9 +192,12 @@ int __glXDispSwap_IsDirect(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_QueryVersion(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXQueryVersionReq *req = (xGLXQueryVersionReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXQueryVersionReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->majorVersion);
     __GLX_SWAP_INT(&req->minorVersion);
@@ -181,9 +207,12 @@ int __glXDispSwap_QueryVersion(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_WaitGL(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXWaitGLReq *req = (xGLXWaitGLReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXWaitGLReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->contextTag);
 
@@ -192,9 +221,12 @@ int __glXDispSwap_WaitGL(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_WaitX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXWaitXReq *req = (xGLXWaitXReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXWaitXReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->contextTag);
 
@@ -203,9 +235,12 @@ int __glXDispSwap_WaitX(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_CopyContext(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCopyContextReq *req = (xGLXCopyContextReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXCopyContextReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->source);
     __GLX_SWAP_INT(&req->dest);
@@ -216,36 +251,48 @@ int __glXDispSwap_CopyContext(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_GetVisualConfigs(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXGetVisualConfigsReq *req = (xGLXGetVisualConfigsReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXGetVisualConfigsReq);
+
     __GLX_SWAP_INT(&req->screen);
     return __glXDisp_GetVisualConfigs(cl, pc);
 }
 
 int __glXDispSwap_GetFBConfigs(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXGetFBConfigsReq *req = (xGLXGetFBConfigsReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXGetFBConfigsReq);
+
     __GLX_SWAP_INT(&req->screen);
     return __glXDisp_GetFBConfigs(cl, pc);
 }
 
 int __glXDispSwap_GetFBConfigsSGIX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXGetFBConfigsSGIXReq *req = (xGLXGetFBConfigsSGIXReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXGetFBConfigsSGIXReq);
+
     __GLX_SWAP_INT(&req->screen);
     return __glXDisp_GetFBConfigsSGIX(cl, pc);
 }
 
 int __glXDispSwap_CreateGLXPixmap(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateGLXPixmapReq *req = (xGLXCreateGLXPixmapReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXCreateGLXPixmapReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->visual);
@@ -257,29 +304,41 @@ int __glXDispSwap_CreateGLXPixmap(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_CreatePixmap(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreatePixmapReq *req = (xGLXCreatePixmapReq *) pc;
     CARD32 *attribs;
     __GLX_DECLARE_SWAP_VARIABLES;
     __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXCreatePixmapReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->fbconfig);
     __GLX_SWAP_INT(&req->pixmap);
     __GLX_SWAP_INT(&req->glxpixmap);
     __GLX_SWAP_INT(&req->numAttribs);
+
+    if (req->numAttribs > (UINT32_MAX >> 3)) {
+	client->errorValue = req->numAttribs;
+	return BadValue;
+    }
+    REQUEST_FIXED_SIZE(xGLXCreatePixmapReq, req->numAttribs << 3);
     attribs = (CARD32*)(req + 1);
-    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs);
+    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs << 1);
 
     return __glXDisp_CreatePixmap(cl, pc);
 }
 
 int __glXDispSwap_CreateGLXPixmapWithConfigSGIX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateGLXPixmapWithConfigSGIXReq *req = 
 	(xGLXCreateGLXPixmapWithConfigSGIXReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXCreateGLXPixmapWithConfigSGIXReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->fbconfig);
@@ -291,9 +350,12 @@ int __glXDispSwap_CreateGLXPixmapWithConfigSGIX(__GLXclientState *cl, GLbyte *pc
 
 int __glXDispSwap_DestroyGLXPixmap(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXDestroyGLXPixmapReq *req = (xGLXDestroyGLXPixmapReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXDestroyGLXPixmapReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->glxpixmap);
 
@@ -302,9 +364,12 @@ int __glXDispSwap_DestroyGLXPixmap(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_DestroyPixmap(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXDestroyGLXPixmapReq *req = (xGLXDestroyGLXPixmapReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXDestroyGLXPixmapReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->glxpixmap);
 
@@ -313,9 +378,12 @@ int __glXDispSwap_DestroyPixmap(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_QueryContext(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXQueryContextReq *req = (xGLXQueryContextReq *) pc;    
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXQueryContextReq);
+
     __GLX_SWAP_INT(&req->context);
 
     return __glXDisp_QueryContext(cl, pc);
@@ -323,26 +391,38 @@ int __glXDispSwap_QueryContext(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_CreatePbuffer(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreatePbufferReq *req = (xGLXCreatePbufferReq *) pc;    
     __GLX_DECLARE_SWAP_VARIABLES;
     __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
     CARD32 *attribs;
 
+    REQUEST_AT_LEAST_SIZE(xGLXCreatePbufferReq);
+
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->fbconfig);
     __GLX_SWAP_INT(&req->pbuffer);
     __GLX_SWAP_INT(&req->numAttribs);
+
+    if (req->numAttribs > (UINT32_MAX >> 3)) {
+	client->errorValue = req->numAttribs;
+	return BadValue;
+    }
+    REQUEST_FIXED_SIZE(xGLXCreatePbufferReq, req->numAttribs << 3);
     attribs = (CARD32*)(req + 1);
-    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs);
+    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs << 1);
 
     return __glXDisp_CreatePbuffer(cl, pc);
 }
 
 int __glXDispSwap_CreateGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateGLXPbufferSGIXReq *req = (xGLXCreateGLXPbufferSGIXReq *) pc;    
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXCreateGLXPbufferSGIXReq);
+
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->fbconfig);
     __GLX_SWAP_INT(&req->pbuffer);
@@ -354,9 +434,12 @@ int __glXDispSwap_CreateGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_DestroyPbuffer(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXDestroyPbufferReq *req = (xGLXDestroyPbufferReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXDestroyPbufferReq);
+
     __GLX_SWAP_INT(&req->pbuffer);
 
     return __glXDisp_DestroyPbuffer(cl, pc);
@@ -364,9 +447,12 @@ int __glXDispSwap_DestroyPbuffer(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_DestroyGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXDestroyGLXPbufferSGIXReq *req = (xGLXDestroyGLXPbufferSGIXReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXDestroyGLXPbufferSGIXReq);
+
     __GLX_SWAP_INT(&req->pbuffer);
 
     return __glXDisp_DestroyGLXPbufferSGIX(cl, pc);
@@ -374,16 +460,27 @@ int __glXDispSwap_DestroyGLXPbufferSGIX(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_ChangeDrawableAttributes(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXChangeDrawableAttributesReq *req =
 	(xGLXChangeDrawableAttributesReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
     __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
     CARD32 *attribs;
 
+    REQUEST_AT_LEAST_SIZE(xGLXChangeDrawableAttributesReq);
+
     __GLX_SWAP_INT(&req->drawable);
     __GLX_SWAP_INT(&req->numAttribs);
+
+    if (req->numAttribs > (UINT32_MAX >> 3)) {
+	client->errorValue = req->numAttribs;
+	return BadValue;
+    }
+    if (((sizeof(xGLXChangeDrawableAttributesReq) + (req->numAttribs << 3)) >> 2) < client->req_len)
+	return BadLength;
+
     attribs = (CARD32*)(req + 1);
-    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs);
+    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs << 1);
 
     return __glXDisp_ChangeDrawableAttributes(cl, pc);
 }
@@ -391,43 +488,64 @@ int __glXDispSwap_ChangeDrawableAttributes(__GLXclientState *cl, GLbyte *pc)
 int __glXDispSwap_ChangeDrawableAttributesSGIX(__GLXclientState *cl,
 					       GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXChangeDrawableAttributesSGIXReq *req =
 	(xGLXChangeDrawableAttributesSGIXReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
     __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
     CARD32 *attribs;
 
+    REQUEST_AT_LEAST_SIZE(xGLXChangeDrawableAttributesSGIXReq);
+
     __GLX_SWAP_INT(&req->drawable);
     __GLX_SWAP_INT(&req->numAttribs);
+
+    if (req->numAttribs > (UINT32_MAX >> 3)) {
+	client->errorValue = req->numAttribs;
+	return BadValue;
+    }
+    REQUEST_FIXED_SIZE(xGLXChangeDrawableAttributesSGIXReq, req->numAttribs << 3);
     attribs = (CARD32*)(req + 1);
-    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs);
+    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs << 1);
 
     return __glXDisp_ChangeDrawableAttributesSGIX(cl, pc);
 }
 
 int __glXDispSwap_CreateWindow(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXCreateWindowReq *req = (xGLXCreateWindowReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
     __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
     CARD32 *attribs;
 
+    REQUEST_AT_LEAST_SIZE(xGLXCreateWindowReq);
+
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->fbconfig);
     __GLX_SWAP_INT(&req->window);
     __GLX_SWAP_INT(&req->glxwindow);
     __GLX_SWAP_INT(&req->numAttribs);
+
+    if (req->numAttribs > (UINT32_MAX >> 3)) {
+	client->errorValue = req->numAttribs;
+	return BadValue;
+    }
+    REQUEST_FIXED_SIZE(xGLXCreateWindowReq, req->numAttribs << 3);
     attribs = (CARD32*)(req + 1);
-    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs);
+    __GLX_SWAP_INT_ARRAY(attribs, req->numAttribs << 1);
 
     return __glXDisp_CreateWindow(cl, pc);
 }
 
 int __glXDispSwap_DestroyWindow(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXDestroyWindowReq *req = (xGLXDestroyWindowReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXDestroyWindowReq);
+
     __GLX_SWAP_INT(&req->glxwindow);
 
     return __glXDisp_DestroyWindow(cl, pc);
@@ -435,9 +553,12 @@ int __glXDispSwap_DestroyWindow(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_SwapBuffers(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXSwapBuffersReq *req = (xGLXSwapBuffersReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXSwapBuffersReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->contextTag);
     __GLX_SWAP_INT(&req->drawable);
@@ -447,9 +568,12 @@ int __glXDispSwap_SwapBuffers(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_UseXFont(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXUseXFontReq *req = (xGLXUseXFontReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXUseXFontReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->contextTag);
     __GLX_SWAP_INT(&req->font);
@@ -463,9 +587,12 @@ int __glXDispSwap_UseXFont(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_QueryExtensionsString(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXQueryExtensionsStringReq *req = (xGLXQueryExtensionsStringReq *)pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXQueryExtensionsStringReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->screen);
 
@@ -474,9 +601,12 @@ int __glXDispSwap_QueryExtensionsString(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_QueryServerString(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXQueryServerStringReq *req = (xGLXQueryServerStringReq *)pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXQueryServerStringReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->screen);
     __GLX_SWAP_INT(&req->name);
@@ -486,9 +616,12 @@ int __glXDispSwap_QueryServerString(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_ClientInfo(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXClientInfoReq *req = (xGLXClientInfoReq *)pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXClientInfoReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->major);
     __GLX_SWAP_INT(&req->minor);
@@ -499,9 +632,12 @@ int __glXDispSwap_ClientInfo(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_QueryContextInfoEXT(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXQueryContextInfoEXTReq *req = (xGLXQueryContextInfoEXTReq *) pc;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXQueryContextInfoEXTReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->context);
 
@@ -510,33 +646,41 @@ int __glXDispSwap_QueryContextInfoEXT(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_BindTexImageEXT(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc;
     GLXDrawable		 *drawId;
     int			 *buffer;
-    
+    CARD32		 *num_attribs;
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    if ((sizeof(xGLXVendorPrivateReq) + 12) >> 2 > client->req_len)
+	return BadLength;
+
     pc += __GLX_VENDPRIV_HDR_SIZE;
 
     drawId = ((GLXDrawable *) (pc));
     buffer = ((int *)	      (pc + 4));
+    num_attribs = ((CARD32 *) (pc + 8));
     
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->contextTag);
     __GLX_SWAP_INT(drawId);
     __GLX_SWAP_INT(buffer);
+    __GLX_SWAP_INT(num_attribs);
 
     return __glXDisp_BindTexImageEXT(cl, (GLbyte *)pc);
 }
 
 int __glXDispSwap_ReleaseTexImageEXT(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc;
     GLXDrawable		 *drawId;
     int			 *buffer;
-    
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
+
     pc += __GLX_VENDPRIV_HDR_SIZE;
 
     drawId = ((GLXDrawable *) (pc));
@@ -552,12 +696,14 @@ int __glXDispSwap_ReleaseTexImageEXT(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_CopySubBufferMESA(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXVendorPrivateReq *req = (xGLXVendorPrivateReq *) pc;
     GLXDrawable		 *drawId;
     int			 *buffer;
-
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 20);
+
     (void) drawId;
     (void) buffer;
 
@@ -577,11 +723,13 @@ int __glXDispSwap_CopySubBufferMESA(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_GetDrawableAttributesSGIX(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXVendorPrivateWithReplyReq *req = (xGLXVendorPrivateWithReplyReq *)pc;
     CARD32 *data;
-    
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_SIZE_MATCH(xGLXGetDrawableAttributesSGIXReq);
+
     data = (CARD32 *) (req + 1);
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->contextTag);
@@ -592,10 +740,12 @@ int __glXDispSwap_GetDrawableAttributesSGIX(__GLXclientState *cl, GLbyte *pc)
 
 int __glXDispSwap_GetDrawableAttributes(__GLXclientState *cl, GLbyte *pc)
 {
+    ClientPtr client = cl->client;
     xGLXGetDrawableAttributesReq *req = (xGLXGetDrawableAttributesReq *)pc;
-    
     __GLX_DECLARE_SWAP_VARIABLES;
 
+    REQUEST_AT_LEAST_SIZE(xGLXGetDrawableAttributesReq);
+
     __GLX_SWAP_SHORT(&req->length);
     __GLX_SWAP_INT(&req->drawable);
author	Matthieu Herrb <matthieu@cvs.openbsd.org>	2011-11-05 13:32:59 +0000
committer	Matthieu Herrb <matthieu@cvs.openbsd.org>	2011-11-05 13:32:59 +0000
commit	bf781c5ff285301ad70ffc5f4321b8906f71edd8 (patch)
tree	3b770f4bf9a8cd11dd9f14e7f758991a73a52d78 /xserver/glx/glxcmdsswap.c
parent	e59d0622d3162f7b5a7420ef87dbebb200348c37 (diff)