debian/changelog | 7 + debian/patches/os-make-sure-the-clientswritable-fd-set-is-initialized.diff | 63 ++++++++++ debian/patches/series | 1 3 files changed, 71 insertions(+)
New commits: commit 90d42c38b455afbe55579612f7e59a151bcb465e Author: Timo Aaltonen <tjaal...@debian.org> Date: Tue Sep 8 10:30:46 2015 +0300 release to wily diff --git a/debian/changelog b/debian/changelog index 229ceff..2448815 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,9 @@ -xorg-server (2:1.17.2-1ubuntu6) UNRELEASED; urgency=medium +xorg-server (2:1.17.2-1ubuntu6) wily; urgency=medium * os-make-sure-the-clientswritable-fd-set-is-initialized.diff: Fix crashers caused by newer xproto bumping XFD_SETSIZE. (LP: #1484380) - -- Timo Aaltonen <tjaal...@debian.org> Tue, 08 Sep 2015 10:16:29 +0300 + -- Timo Aaltonen <tjaal...@debian.org> Tue, 08 Sep 2015 10:30:31 +0300 xorg-server (2:1.17.2-1ubuntu5) wily; urgency=medium commit aef44943b6730c8f3800dbef6ff55b36657b5d5e Author: Timo Aaltonen <tjaal...@debian.org> Date: Tue Sep 8 10:30:22 2015 +0300 os-make-sure-the-clientswritable-fd-set-is-initialized.diff: Fix crashers caused by newer xproto bumping XFD_SETSIZE. (LP: #1484380) diff --git a/debian/changelog b/debian/changelog index fe8c4d1..229ceff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +xorg-server (2:1.17.2-1ubuntu6) UNRELEASED; urgency=medium + + * os-make-sure-the-clientswritable-fd-set-is-initialized.diff: Fix + crashers caused by newer xproto bumping XFD_SETSIZE. (LP: #1484380) + + -- Timo Aaltonen <tjaal...@debian.org> Tue, 08 Sep 2015 10:16:29 +0300 + xorg-server (2:1.17.2-1ubuntu5) wily; urgency=medium * disable-rotation-transform-gpuscreens.patch: Revert back to disabling diff --git a/debian/patches/os-make-sure-the-clientswritable-fd-set-is-initialized.diff b/debian/patches/os-make-sure-the-clientswritable-fd-set-is-initialized.diff new file mode 100644 index 0000000..b3a7d2e --- /dev/null +++ b/debian/patches/os-make-sure-the-clientswritable-fd-set-is-initialized.diff 
@@ -0,0 +1,63 @@ +From 7cc7ffd25d5e50b54cb942d07d4cb160f20ff9c5 Mon Sep 17 00:00:00 2001 +From: Martin Peres <martin.pe...@linux.intel.com> +Date: Fri, 17 Jul 2015 17:21:26 +0300 +Subject: [PATCH] os: make sure the clientsWritable fd_set is initialized + before use + +In WaitForSomething(), the fd_set clientsWritable may be used unitialized when +the boolean AnyClientsWriteBlocked is set in the WakeupHandler(). This leads to +a crash in FlushAllOutput() after x11proto's commit +2c94cdb453bc641246cc8b9a876da9799bee1ce7. + +The problem did not manifest before because both the XFD_SIZE and the maximum +number of clients were set to 256. As the connectionTranslation table was +initalized for the 256 clients to 0, the test on the index not being 0 was +aborting before dereferencing the client #0. + +As of commit 2c94cdb453bc641246cc8b9a876da9799bee1ce7 in x11proto, the XFD_SIZE +got bumped to 512. This lead the OutputPending fd_set to have any fd above 256 +to be uninitialized which in turns lead to reading an index after the end of +the ConnectionTranslation table. This index would then be used to find the +client corresponding to the fd marked as pending writes and would also result +to an out-of-bound access which would usually be the fatal one. + +Fix this by zeroing the clientsWritable fd_set at the beginning of +WaitForSomething(). In this case, the bottom part of the loop, which would +indirectly call FlushAllOutput, will not do any work but the next call to +select will result in the execution of the right codepath. This is exactly what +we want because we need to know the writable clients before handling them. In +the end, it also makes sure that the fds above MaxClient are initialized, +preventing the crash in FlushAllOutput(). + +Thanks to everyone involved in tracking this one down! 
+ +Reported-by: Karol Herbst <freedesk...@karolherbst.de> +Reported-by: Tobias Klausmann <tobias.klausm...@mni.thm.de> +Signed-off-by: Martin Peres <martin.pe...@linux.intel.com> +Tested-by: Martin Peres <martin.pe...@linux.intel.com> +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91316 +Cc: Ilia Mirkin <imir...@alum.mit.edu> +Cc: Martin Peres <martin.pe...@linux.intel.com> +Cc: Olivier Fourdan <ofour...@redhat.com +Cc: Adam Jackson <a...@redhat.com> +Cc: Alan Coopersmith <alan.coopersm...@oracle.com +Cc: Chris Wilson <ch...@chris-wilson.co.uk> +--- + os/WaitFor.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/os/WaitFor.c b/os/WaitFor.c +index 431f1a6..993c14e 100644 +--- a/os/WaitFor.c ++++ b/os/WaitFor.c +@@ -158,6 +158,7 @@ WaitForSomething(int *pClientsReady) + Bool someReady = FALSE; + + FD_ZERO(&clientsReadable); ++ FD_ZERO(&clientsWritable); + + if (nready) + SmartScheduleStopTimer(); +-- +2.4.5 + diff --git a/debian/patches/series b/debian/patches/series index bbac1ac..e1f102b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -51,3 +51,4 @@ xmir-rootless.patch xmir-desktop-file-hint-flag.patch drm_device_keep_trying.patch xi2-resize-touch.patch +os-make-sure-the-clientswritable-fd-set-is-initialized.diff
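Review bot: In the debian/changelog hunk that adds the 2:1.17.2-1ubuntu6 entry, the macro is written XFD_SETSIZE, while the patch description it summarises says XFD_SIZE throughout. Use one name in both places so the entry can be matched against the patch header. The entry would also be easier to trace if it cited the upstream bug the patch header lists (https://bugs.freedesktop.org/show_bug.cgi?id=91316) alongside LP: #1484380.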
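Review bot: In the os/WaitFor.c hunk carried inside the new debian/patches file, the added `FD_ZERO(&clientsWritable);` removes the uninitialized read, but the fatal access the description places in FlushAllOutput() (a set bit for an fd above 256 used as an index past the end of the ConnectionTranslation table) is still prevented only by the fd_set being clean. Consider a follow-up that bounds-checks the index before the table lookup, so that a stray bit fails safely instead of reading past the table. The zeroing also sits at function entry next to `FD_ZERO(&clientsReadable);`, and the visible context does not show whether clientsWritable is refilled on every pass of the loop, so that is worth confirming against the full function. In the patch header, the Cc lines for Olivier Fourdan and Alan Coopersmith are missing the closing `>`, which some tools that parse these trailers will reject.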