scorpionit / rpms / xorg-x11-server

Forked from rpms/xorg-x11-server 4 years ago
Clone
Source Code
GIT

Files

ajax/upstream f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f7 f8 f9 master olpc2 olpc3 private-1_2-branch private-unbreak-domain-branch
  1.   f15
  2.   xserver-1.10.1-memcpy-abuse.patch
Blob Blame History Raw 
From f24c4b2e3803f2b0e4eb7de5288756c4f9758ad5 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Thu, 21 Apr 2011 16:41:14 -0400
Subject: [PATCH] fb: fix memcpy abuse

Signed-off-by: Adam Jackson <ajax@redhat.com>
---
 fb/fbblt.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/fb/fbblt.c b/fb/fbblt.c
index 38271c0..980ad5a 100644
--- a/fb/fbblt.c
+++ b/fb/fbblt.c
@@ -65,6 +65,7 @@ fbBlt (FbBits   *srcLine,
     int	    n, nmiddle;
     Bool    destInvarient;
     int	    startbyte, endbyte;
+    int     careful;
     FbDeclareMergeRop ();
 
 #ifdef FB_24BIT
@@ -76,12 +77,16 @@ fbBlt (FbBits   *srcLine,
     }
 #endif
 
-    if (alu == GXcopy && pm == FB_ALLONES && !reverse &&
+    careful = !((srcLine < dstLine && srcLine + width * (bpp/8) > dstLine) ||
+                (dstLine < srcLine && dstLine + width * (bpp/8) > srcLine)) ||
+              (bpp % 8);
+
+    if (alu == GXcopy && pm == FB_ALLONES && !careful &&
             !(srcX & 7) && !(dstX & 7) && !(width & 7)) {
         int i;
         CARD8 *src = (CARD8 *) srcLine;
         CARD8 *dst = (CARD8 *) dstLine;
-        
+
         srcStride *= sizeof(FbBits);
         dstStride *= sizeof(FbBits);
         width >>= 3;
-- 
1.7.4.4
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.