[arch-commits] Commit in xorg-server/trunk (2 files)

Laurent Carlier lcarlier at archlinux.org
Fri Jul 17 17:49:37 UTC 2015


    Date: Friday, July 17, 2015 @ 19:49:36
  Author: lcarlier
Revision: 242328

upgpkg: xorg-server 1.17.2-4

add another patch to fix segfault introduced with previous release, related to latest xproto package

Added:
  xorg-server/trunk/0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch
Modified:
  xorg-server/trunk/PKGBUILD

-----------------------------------------------------------------+
 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch |   63 ++++++++++
 PKGBUILD                                                        |    9 -
 2 files changed, 69 insertions(+), 3 deletions(-)

Added: 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch
===================================================================
--- 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch	                        (rev 0)
+++ 0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch	2015-07-17 17:49:36 UTC (rev 242328)
@@ -0,0 +1,63 @@
+From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001
+From: Martin Peres <martin.peres at linux.intel.com>
+Date: Fri, 17 Jul 2015 17:21:26 +0300
+Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized
+ before use
+
+In WaitForSomething(), the fd_set clientsWritable may be used unitialized when
+the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to
+a crash in FlushAllOutput() after x11proto's commit
+2c94cdb453bc641246cc8b9a876da9799bee1ce7.
+
+The problem did not manifest before because both the XFD_SIZE and the maximum
+number of clients were set to 256. As the connectionTranslation table was
+initalized for the 256 clients to 0, the test on the index not being 0 was
+aborting before dereferencing the client #0.
+
+As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE
+got bumped to 512. This lead the OutputPending fd_set to have any fd above 256
+to be uninitialized which in turns lead to reading an index after the end of
+the ConnectionTranslation table. This index would then be used to find the
+client corresponding to the fd marked as pending writes and would also result
+to an out-of-bound access which would usually be the fatal one.
+
+Fix this by zeroing the clientsWritable fd_set at the beginning of
+WaitForSomething(). In this case, the bottom part of the loop, which would
+indirectly call FlushAllOutput, will not do any work but the next call to
+select will result in the execution of the right codepath. This is exactly what
+we want because we need to know the writable clients before handling them. In
+the end, it also makes sure that the fds above MaxClient are initialized,
+preventing the crash in FlushAllOutput().
+
+Thanks to everyone involved in tracking this one down!
+
+Reported-by: Karol Herbst <freedesktop at karolherbst.de>
+Reported-by: Tobias Klausmann <tobias.klausmann at mni.thm.de>
+Signed-off-by: Martin Peres <martin.peres at linux.intel.com>
+Tested-by: Martin Peres <martin.peres at linux.intel.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316
+Cc: Ilia Mirkin  <imirkin at alum.mit.edu>
+Cc: Martin Peres <martin.peres at linux.intel.com>
+Cc: Olivier Fourdan <ofourdan at redhat.com
+Cc: Adam Jackson <ajax at redhat.com>
+Cc: Alan Coopersmith <alan.coopersmith at oracle.com
+Cc: Chris Wilson <chris at chris-wilson.co.uk>
+---
+ os/WaitFor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/os/WaitFor.c b/os/WaitFor.c
+index 431f1a6..993c14e 100644
+--- a/os/WaitFor.c
++++ b/os/WaitFor.c
+@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady)
+     Bool someReady = FALSE;
+ 
+     FD_ZERO(&clientsReadable);
++    FD_ZERO(&clientsWritable);
+ 
+     if (nready)
+         SmartScheduleStopTimer();
+-- 
+2.4.5
+
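Review bot: the added FD_ZERO(&clientsWritable) in the os/WaitFor.c hunk removes the uninitialized read, but the out-of-bounds access described in the commit message (an fd above 256 used as an index past the end of the ConnectionTranslation table, crashing in FlushAllOutput()) is still prevented only by the set happening to be zero. A bounds check or assertion on that index before the table lookup would keep a later XFD_SIZE or client-limit change from reopening the same out-of-bounds read. Separately, the Cc trailers for Olivier Fourdan and Alan Coopersmith are missing their closing ">".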

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2015-07-17 16:05:19 UTC (rev 242327)
+++ PKGBUILD	2015-07-17 17:49:36 UTC (rev 242328)
@@ -5,7 +5,7 @@
 pkgbase=xorg-server
 pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-xwayland' 'xorg-server-common' 'xorg-server-devel')
 pkgver=1.17.2
-pkgrel=3
+pkgrel=4
 arch=('i686' 'x86_64')
 license=('custom')
 url="http://xorg.freedesktop.org"
@@ -23,7 +23,8 @@
         0001-dix-Add-unaccelerated-valuators-to-the-ValuatorMask.patch
         0002-dix-hook-up-the-unaccelerated-valuator-masks.patch
         0001-systemd-logind-do-not-rely-on-directed-signals.patch
-        0001-glamor-make-current-in-prepare-paths.patch)
+        0001-glamor-make-current-in-prepare-paths.patch
+        0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch)
 validpgpkeys=('7B27A3F1A6E18CD9588B4AE8310180050905E40C'
               'C383B778255613DFDB409D91DB221A6900000011'
               'DD38563A8A8224537D1F90E45B8A2D50A0ECD0D3')
@@ -35,7 +36,8 @@
             '3dc795002b8763a7d29db94f0af200131da9ce5ffc233bfd8916060f83a8fad7'
             '416a1422eed71efcebb1d893de74e7f27e408323a56c4df003db37f5673b3f96'
             '3d7edab3a54d647e7d924b29d29f91b50212f308fcb1853a5aacd3181f58276c'
-            '793579adbef979088cadc0fd9ce0c24df0455a6936d3de7a9356df537b7d9a81')
+            '793579adbef979088cadc0fd9ce0c24df0455a6936d3de7a9356df537b7d9a81'
+            'efc05c06af2bfdf588ef7a60b44c1d180fb353b1bffdfdf96415d63690b6e394')
 
 prepare() {
   cd "${pkgbase}-${pkgver}"
@@ -48,6 +50,7 @@
 
   # fix FS#45009, merged upstream
   patch -Np1 -i ../0001-glamor-make-current-in-prepare-paths.patch
+  patch -Np1 -i ../0001-os-make-sure-the-clientsWritable-fd_set-is-initializ.patch
 
   autoreconf -fvi
 }
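Review bot: in prepare(), the new patch -Np1 line sits directly under the comment "# fix FS#45009, merged upstream", which belongs to the glamor patch, so it reads as if the fd_set patch were part of that fix. Give it its own comment naming the bug it addresses (the patch header cites https://bugs.freedesktop.org/show_bug.cgi?id=91316) and its upstream status, so it is clear when the patch can be dropped at a later pkgver bump.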


