From 71d71362b9725ad3995a3e78f8a19ff46082320f Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Nov 01 2018 15:42:36 +0000 Subject: xserver 1.20.3 --- diff --git a/0001-xwayland-do-not-crash-if-gbm_bo_create-fails.patch b/0001-xwayland-do-not-crash-if-gbm_bo_create-fails.patch new file mode 100644 index 0000000..69d5b9f --- /dev/null +++ b/0001-xwayland-do-not-crash-if-gbm_bo_create-fails.patch @@ -0,0 +1,72 @@ +From d2af650a280f94d7ddd155cb499110ab45135100 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Fri, 19 Oct 2018 16:04:32 +0200 +Subject: [PATCH xserver] xwayland: do not crash if `gbm_bo_create()` fails + +The function `xwl_glamor_gbm_create_pixmap()` first creates a buffer +objects and then creates the xwl_pixmap from it. + +However, `xwl_glamor_gbm_create_pixmap_for_bo()` is not called if the +buffer object creation fails, and `xwl_glamor_gbm_create_pixmap()` +simply returns `glamor_create_pixmap()`. + +The problem with this is that if `xwl_glamor_gbm_create_pixmap_for_bo()` +is not called then neither is `xwl_pixmap_set_private()` and further +calls to `xwl_pixmap_get()` will return NULL and cause a NULL pointer +dereference if the return value is not checked: + + #0 xwl_glamor_gbm_get_wl_buffer_for_pixmap () + at hw/xwayland/xwayland-glamor-gbm.c:248 + #1 xwl_window_post_damage () at hw/xwayland/xwayland.c:697 + #2 xwl_display_post_damage () at hw/xwayland/xwayland.c:759 + #3 block_handler () at hw/xwayland/xwayland.c:890 + #4 BlockHandler () at dix/dixutils.c:388 + #5 WaitForSomething () at os/WaitFor.c:201 + #6 Dispatch () at dix/dispatch.c:421 + #7 dix_main () at dix/main.c:276 + #8 __libc_start_main () at ../csu/libc-start.c:308 + #9 _start () + + (gdb) print xwl_pixmap + $1 = (struct xwl_pixmap *) 0x0 + +Make sure we check for `xwl_pixmap_get()` returned value where relevant +and fail gracefully if this is the case. + +See also: https://gitlab.gnome.org/GNOME/mutter/issues/340 + +Signed-off-by: Olivier Fourdan +Reviewed-by: Marco Trevisan +Reviewed-by: Peter Hutterer +(cherry picked from commit 036794bebce72a3fa2f95996d2e537ff568e0ff1) +--- + hw/xwayland/xwayland-glamor-gbm.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/hw/xwayland/xwayland-glamor-gbm.c b/hw/xwayland/xwayland-glamor-gbm.c +index 6aa1e4641d..5f8a68fd8c 100644 +--- a/hw/xwayland/xwayland-glamor-gbm.c ++++ b/hw/xwayland/xwayland-glamor-gbm.c +@@ -244,6 +244,9 @@ xwl_glamor_gbm_get_wl_buffer_for_pixmap(PixmapPtr pixmap, + uint64_t modifier; + int i; + ++ if (xwl_pixmap == NULL) ++ return NULL; ++ + if (xwl_pixmap->buffer) { + /* Buffer already exists. Return it and inform caller if interested. */ + if (created) +@@ -494,6 +497,9 @@ glamor_egl_fds_from_pixmap(ScreenPtr screen, PixmapPtr pixmap, int *fds, + + xwl_pixmap = xwl_pixmap_get(pixmap); + ++ if (xwl_pixmap == NULL) ++ return 0; ++ + if (!xwl_pixmap->bo) + return 0; + +-- +2.19.1 + diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index f8805de..0ee723e 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -45,7 +45,7 @@ Summary: X.Org X11 X server Name: xorg-x11-server -Version: 1.20.2 +Version: 1.20.3 Release: 1%{?gitdate:.%{gitdate}}%{?dist} URL: http://www.x.org License: MIT @@ -95,6 +95,9 @@ Patch5: 0001-autobind-GPUs-to-the-screen.patch # because the display-managers are not ready yet, do not upstream Patch6: 0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch +# https://gitlab.freedesktop.org/ajax/xserver/tree/server-1.20-branch +Patch7: 0001-xwayland-do-not-crash-if-gbm_bo_create-fails.patch + BuildRequires: systemtap-sdt-devel BuildRequires: git BuildRequires: automake autoconf libtool pkgconfig @@ -528,6 +531,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %changelog +* Thu Nov 01 2018 Adam Jackson - 1.20.3-1 +- xserver 1.20.3 + * Mon Oct 15 2018 Adam Jackson - 1.20.2-1 - xserver 1.20.2