From fa01985065305816e302c863d837b2aa56376bbc Mon Sep 17 00:00:00 2001 From: Timothy Strelchun Date: Mon, 21 Jun 2010 20:28:28 -0700 Subject: [PATCH] Added layer enumerators to CoreSurfaceAccessorID & updated handling Expanded CoreSurfaceAccessorID to include enumerators for all possible display layers to resolve array out-of-bounds accesses that can occur when display layer surfaces are locked (internally/externally) that have an id value > 7 and < MAX_LAYERS. Updated dfbdump tool to dump information regarding all available display layers. --- src/core/surface.h | 16 ++++++++++++---- src/core/surface_buffer.c | 10 +++++++++- systems/devmem/devmem_surface_pool.c | 10 +++++++++- systems/fbdev/fbdev_surface_pool.c | 10 +++++++++- tools/dfbdump.c | 4 ++-- 5 files changed, 41 insertions(+), 9 deletions(-) diff --git a/src/core/surface.h b/src/core/surface.h index 1d2d452..426741a 100644 --- a/src/core/surface.h +++ b/src/core/surface.h @@ -1,5 +1,5 @@ /* - (c) Copyright 2001-2009 The world wide DirectFB Open Source Community (directfb.org) + (c) Copyright 2001-2010 The world wide DirectFB Open Source Community (directfb.org) (c) Copyright 2000-2004 Convergence (integrated media) GmbH All rights reserved. @@ -145,7 +145,7 @@ typedef enum { CSAID_ACCEL4 = 0x00000006, CSAID_ACCEL5 = 0x00000007, - CSAID_LAYER0 = 0x00000008, /* display layers, registered by layer core (CSAID_LAYER0 + layer_id<0-7>) */ + CSAID_LAYER0 = 0x00000008, /* display layers, registered by layer core (CSAID_LAYER0 + layer_id<0-MAX_LAYERS>) */ CSAID_LAYER1 = 0x00000009, CSAID_LAYER2 = 0x0000000a, CSAID_LAYER3 = 0x0000000b, @@ -153,8 +153,16 @@ typedef enum { CSAID_LAYER5 = 0x0000000d, CSAID_LAYER6 = 0x0000000e, CSAID_LAYER7 = 0x0000000f, - - _CSAID_NUM = 0x00000010, /* number of statically assigned IDs for usage in static arrays */ + CSAID_LAYER8 = 0x00000010, + CSAID_LAYER9 = 0x00000011, + CSAID_LAYER10 = 0x00000012, + CSAID_LAYER11 = 0x00000013, + CSAID_LAYER12 = 0x00000014, + CSAID_LAYER13 = 0x00000015, + CSAID_LAYER14 = 0x00000016, + CSAID_LAYER15 = 0x00000017, + + _CSAID_NUM = 0x00000018, /* number of statically assigned IDs for usage in static arrays */ CSAID_ANY = 0x00000100, /* any other accessor needs to be registered using IDs starting from here */ } CoreSurfaceAccessorID; diff --git a/src/core/surface_buffer.c b/src/core/surface_buffer.c index 1d7915d..a07138e 100644 --- a/src/core/surface_buffer.c +++ b/src/core/surface_buffer.c @@ -1,5 +1,5 @@ /* - (c) Copyright 2001-2009 The world wide DirectFB Open Source Community (directfb.org) + (c) Copyright 2001-2010 The world wide DirectFB Open Source Community (directfb.org) (c) Copyright 2000-2004 Convergence (integrated media) GmbH All rights reserved. @@ -231,6 +231,14 @@ dfb_surface_buffer_lock( CoreSurfaceBuffer *buffer, case CSAID_LAYER5: case CSAID_LAYER6: case CSAID_LAYER7: + case CSAID_LAYER8: + case CSAID_LAYER9: + case CSAID_LAYER10: + case CSAID_LAYER11: + case CSAID_LAYER12: + case CSAID_LAYER13: + case CSAID_LAYER14: + case CSAID_LAYER15: D_DEBUG_AT( Core_SurfBuffer, " -> LAYER %d %s%s\n", accessor - CSAID_LAYER0, (access & CSAF_READ) ? "READ" : "", (access & CSAF_WRITE) ? "WRITE" : "" ); break; diff --git a/systems/devmem/devmem_surface_pool.c b/systems/devmem/devmem_surface_pool.c index 1d0b6f6..646a5e8 100644 --- a/systems/devmem/devmem_surface_pool.c +++ b/systems/devmem/devmem_surface_pool.c @@ -1,5 +1,5 @@ /* - (c) Copyright 2001-2009 The world wide DirectFB Open Source Community (directfb.org) + (c) Copyright 2001-2010 The world wide DirectFB Open Source Community (directfb.org) (c) Copyright 2000-2004 Convergence (integrated media) GmbH All rights reserved. @@ -131,6 +131,14 @@ devmemInitPool( CoreDFB *core, ret_desc->access[CSAID_LAYER5] = CSAF_READ; ret_desc->access[CSAID_LAYER6] = CSAF_READ; ret_desc->access[CSAID_LAYER7] = CSAF_READ; + ret_desc->access[CSAID_LAYER8] = CSAF_READ; + ret_desc->access[CSAID_LAYER9] = CSAF_READ; + ret_desc->access[CSAID_LAYER10] = CSAF_READ; + ret_desc->access[CSAID_LAYER11] = CSAF_READ; + ret_desc->access[CSAID_LAYER12] = CSAF_READ; + ret_desc->access[CSAID_LAYER13] = CSAF_READ; + ret_desc->access[CSAID_LAYER14] = CSAF_READ; + ret_desc->access[CSAID_LAYER15] = CSAF_READ; snprintf( ret_desc->name, DFB_SURFACE_POOL_DESC_NAME_LENGTH, "/dev/mem" ); diff --git a/systems/fbdev/fbdev_surface_pool.c b/systems/fbdev/fbdev_surface_pool.c index 79caab7..a129771 100644 --- a/systems/fbdev/fbdev_surface_pool.c +++ b/systems/fbdev/fbdev_surface_pool.c @@ -1,5 +1,5 @@ /* - (c) Copyright 2001-2009 The world wide DirectFB Open Source Community (directfb.org) + (c) Copyright 2001-2010 The world wide DirectFB Open Source Community (directfb.org) (c) Copyright 2000-2004 Convergence (integrated media) GmbH All rights reserved. @@ -124,6 +124,14 @@ fbdevInitPool( CoreDFB *core, ret_desc->access[CSAID_LAYER5] = CSAF_READ; ret_desc->access[CSAID_LAYER6] = CSAF_READ; ret_desc->access[CSAID_LAYER7] = CSAF_READ; + ret_desc->access[CSAID_LAYER8] = CSAF_READ; + ret_desc->access[CSAID_LAYER9] = CSAF_READ; + ret_desc->access[CSAID_LAYER10] = CSAF_READ; + ret_desc->access[CSAID_LAYER11] = CSAF_READ; + ret_desc->access[CSAID_LAYER12] = CSAF_READ; + ret_desc->access[CSAID_LAYER13] = CSAF_READ; + ret_desc->access[CSAID_LAYER14] = CSAF_READ; + ret_desc->access[CSAID_LAYER15] = CSAF_READ; snprintf( ret_desc->name, DFB_SURFACE_POOL_DESC_NAME_LENGTH, "Frame Buffer Memory" ); diff --git a/tools/dfbdump.c b/tools/dfbdump.c index c8f89b2..ca691a3 100644 --- a/tools/dfbdump.c +++ b/tools/dfbdump.c @@ -1,5 +1,5 @@ /* - (c) Copyright 2001-2009 The world wide DirectFB Open Source Community (directfb.org) + (c) Copyright 2001-2010 The world wide DirectFB Open Source Community (directfb.org) (c) Copyright 2000-2004 Convergence (integrated media) GmbH All rights reserved. @@ -446,7 +446,7 @@ surface_pool_info_callback( CoreSurfacePool *pool, (pool->desc.access[i] & CSAF_SHARED) ? 's' : '-' ); } - for (i=CSAID_LAYER0; i<=CSAID_LAYER2; i++) { + for (i=CSAID_LAYER0; i<=CSAID_LAYER15; i++) { printf( " %c%c%c", (pool->desc.access[i] & CSAF_READ) ? 'r' : '-', (pool->desc.access[i] & CSAF_WRITE) ? 'w' : '-', -- 1.6.1.9.g97c34