pkgsrc-Bugs archive


pkg/47124: Cairo sends invalid parameter to X Server



>Number:         47124
>Category:       pkg
>Synopsis:       Cairo sends invalid parameter to X Server
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 25 16:45:00 +0000 2012
>Originator:     Aran Clauson
>Release:        6.99.11
>Organization:
>Environment:
NetBSD sanders 6.99.11 NetBSD 6.99.11 (SANDERS) #0: Mon Sep 17 14:11:22 PDT 
2012  aran@sanders:/home/NetBSD/obj/sys/arch/amd64/compile/SANDERS amd64
>Description:
Cairo doesn't initialize all of the members of XShmCompletionEvent in 
_cairo_xlib_shm_surface_mark_active.  Sometimes, this sends invalid arguments 
to the X.  With Firefox, this is detected as an unrecoverable error and the 
process terminates.
>How-To-Repeat:
Build cairo, xulrunner, and firefox with pkgsrc-current.
>Fix:
Add a bzero to the structure before sending it to the X server.  The following 
patch replaces 
pkgsrc/graphics/cairo/patches/patch-src_cairo-xlib-surface-shm.c.  The new 
stuff is the second chunk.


$NetBSD: patch-src_cairo-xlib-surface-shm.c,v 1.3 2012/10/20 00:55:07 wiz Exp $

First chunk:
Whilst reading through other users of XShm, it became apparent that
IPC_RMID behaves differently across the platforms. Linux allows
processes to attach to an existing ShmSegment id after an IPC_RMID, but
for others the IPC_RMID takes immediate effect. On those platforms
without a "deferred" IPC_RMID, we then need to perform the XShmAttach
synchronously before performing the IPC_RMID.
 
Reported-by: Thomas Klausner <wiz%NetBSD.org@localhost>
Signed-off-by: Chris Wilson <chris%chris-wilson.co.uk@localhost>

Rest:
Prevent application crashes under old version of X.org e.g. under
Mac OS X Lion. Patch taken from here:

http://cgit.freedesktop.org/cairo/commit/?id=b1532f465e05d566f6d160c5ca916a5a12614067

--- src/cairo-xlib-surface-shm.c.orig   2012-10-05 13:06:00.000000000 +0000
+++ src/cairo-xlib-surface-shm.c
@@ -449,6 +449,9 @@ _cairo_xlib_shm_pool_create(cairo_xlib_d
 
     pool->attached = NextRequest (dpy);
     success = XShmAttach (dpy, &pool->shm);
+#if !IPC_RMID_DEFERRED_RELEASE
+    XSync (dpy, FALSE);
+#endif
     shmctl (pool->shm.shmid, IPC_RMID, NULL);
 
     if (! success)
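Review bot: The #if !IPC_RMID_DEFERRED_RELEASE guard around XSync (dpy, FALSE) depends on a macro whose definition is not part of this patch; if it is ever left undefined the preprocessor evaluates it as 0 and every pool creation takes the synchronous round trip. That is the safe default, but a short comment above the #if stating that the attach must reach the server before shmctl (..., IPC_RMID, ...) on platforms without deferred removal, and where the macro gets set, would keep the sync from being removed later. The sync also runs before success is tested, so it is issued even when XShmAttach has already reported failure.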
@@ -1018,6 +1021,7 @@ _cairo_xlib_shm_surface_mark_active (cai
     cairo_xlib_display_t *display = (cairo_xlib_display_t *) _shm->device;
     XShmCompletionEvent ev;
 
+    bzero (&ev, sizeof(ev));
     ev.type = display->shm->event;
     ev.drawable = display->shm->window;
     ev.major_code = display->shm->opcode;
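Review bot: The added bzero (&ev, sizeof(ev)) in _cairo_xlib_shm_surface_mark_active uses the legacy BSD call, which needs <strings.h>, and the patch adds no include; memset (&ev, 0, sizeof (ev)) is the portable spelling and matches the spacing of the surrounding code. A one-line comment saying that the whole event is sent to the X server, so members that are not assigned must not carry stack contents, would document why the clear is there.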
@@ -1121,6 +1125,24 @@ _cairo_xlib_shm_surface_is_idle (cairo_s
     return shm->idle > 0;
 }
 
+#define XORG_VERSION_ENCODE(major,minor,patch,snap) \
+    (((major) * 10000000) + ((minor) * 100000) + ((patch) * 1000) + snap)
+
+static cairo_bool_t
+xorg_has_buggy_send_event(Display *dpy)
+{
+    /* Avoid incurring the wrath fixed by:
+     *
+     * commit 2d2dce558d24eeea0eb011ec9ebaa6c5c2273c39
+     * Author: Sam Spilsbury <sam.spilsbury%canonical.com@localhost>
+     * Date:   Wed Sep 14 09:58:34 2011 +0800
+     *
+     * Remove the SendEvent bit (0x80) before doing range checks on event type.
+     */
+    return (strstr (ServerVendor (dpy), "X.Org") != NULL &&
+           VendorRelease (dpy) < XORG_VERSION_ENCODE(1,11,0,1));
+}
+
 void
 _cairo_xlib_display_init_shm (cairo_xlib_display_t *display)
 {
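Review bot: In the XORG_VERSION_ENCODE macro the last argument is used as bare snap while the other three are parenthesized; write (snap) so that an expression argument cannot change the arithmetic. In xorg_has_buggy_send_event the comment names the server commit but not the failure cairo is avoiding, so one sentence on what goes wrong with servers older than 1.11.0.1 would help, and the strstr call relies on <string.h> being included elsewhere in the file since no include is added here.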
@@ -1153,6 +1175,9 @@ _cairo_xlib_display_init_shm (cairo_xlib
                                 DefaultVisual (display->display, scr),
                                 CWOverrideRedirect, &attr);
 
+    if (xorg_has_buggy_send_event(display->display))
+       has_pixmap = 0;
+
     shm->has_pixmaps = has_pixmap ? MIN_PIXMAP_SIZE : 0;
     cairo_list_init (&shm->pool);
 
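Review bot: The has_pixmap = 0 override in _cairo_xlib_display_init_shm has no comment, so a reader sees SHM pixmaps being disabled without learning that it is the workaround for the SendEvent range-check bug; add a short comment that points at xorg_has_buggy_send_event. The call is also written without the space before the parenthesis that the neighbouring DefaultVisual (display->display, scr) uses.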


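The effect described in the report, as an added example that is not part of the original message or of cairo: a stand-in struct modelled on XShmCompletionEvent (field order assumed from XShm.h, types reduced to plain C) is built over poisoned storage using only the three assignments visible in the hunk, with and without clearing it first. The poison byte and the field values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xA5   /* constructed stand-in for leftover stack content */

/* Hypothetical stand-in for XShmCompletionEvent (assumed layout). */
typedef struct {
    int type;
    unsigned long serial;
    int send_event;
    void *display;
    unsigned long drawable;
    int major_code;
    int minor_code;
    unsigned long shmseg;
    unsigned long offset;
} shm_completion_event;

/* Build the event on top of "dirty" storage and return how many bytes of
 * the finished event still hold residue. zero_first selects the patched
 * behaviour (clear the struct before assigning members). */
static size_t stale_bytes_in_event(int zero_first)
{
    shm_completion_event ev;
    unsigned char raw[sizeof ev];
    size_t i, stale = 0;

    memset(raw, POISON, sizeof raw);
    memcpy(&ev, raw, sizeof ev);        /* simulate an uninitialised local */
    if (zero_first)
        memset(&ev, 0, sizeof ev);      /* same effect as the PR's bzero() */

    ev.type = 65;                       /* constructed sample values */
    ev.drawable = 0x200001UL;
    ev.major_code = 130;

    memcpy(raw, &ev, sizeof ev);        /* bytes that would leave the process */
    for (i = 0; i < sizeof raw; i++)
        stale += (raw[i] == POISON);
    return stale;
}

int main(void)
{
    printf("without clear: %zu of %zu bytes stale\n",
           stale_bytes_in_event(0), sizeof(shm_completion_event));
    printf("with clear:    %zu bytes stale\n", stale_bytes_in_event(1));
    return 0;
}
```

The stale count without the clear covers the unassigned members and any padding between them, which is why clearing the whole object is preferable to assigning the missing members one by one.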