Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
X
xorg-server
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
pkg
obextra
xorg-server
Commits
8f0c0d2d
Commit
8f0c0d2d
authored
4 years ago
by
Eric Vidal
Browse files
Options
Downloads
Patches
Plain Diff
upgrel: 1.20.9-3
parent
a6d24fd1
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
trunk/0001-xfree86-Take-second-reference-for-SavedCursor-in-xf8.patch
+34
-0
34 additions, 0 deletions
...free86-Take-second-reference-for-SavedCursor-in-xf8.patch
trunk/PKGBUILD
+6
-2
6 additions, 2 deletions
trunk/PKGBUILD
with
40 additions
and
2 deletions
trunk/0001-xfree86-Take-second-reference-for-SavedCursor-in-xf8.patch
0 → 100644
+
34
−
0
View file @
8f0c0d2d
From 919f1f46fc67dae93b2b3f278fcbfc77af34ec58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <mdaenzer@redhat.com>
Date: Mon, 31 Aug 2020 12:10:43 +0200
Subject: [PATCH] xfree86: Take second reference for SavedCursor in
xf86CursorSetCursor
The same pointer is kept in CurrentCursor as well, therefore two
RefCursor calls are needed.
Fixes use-after-free after switching VTs.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1067
Signed-off-by: Laurent Carlier <lordheavym@gmail.com>
---
hw/xfree86/ramdac/xf86CursorRD.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/xfree86/ramdac/xf86CursorRD.c b/hw/xfree86/ramdac/xf86CursorRD.c
index 9aa3de97b..c8362d169 100644
--- a/hw/xfree86/ramdac/xf86CursorRD.c
+++ b/hw/xfree86/ramdac/xf86CursorRD.c
@@ -334,6 +334,9 @@
xf86CursorSetCursor(DeviceIntPtr pDev, ScreenPtr pScreen, CursorPtr pCurs,
ScreenPriv->HotY = cursor->bits->yhot;
if (!infoPtr->pScrn->vtSema) {
+ cursor = RefCursor(cursor);
+ if (ScreenPriv->SavedCursor)
+ FreeCursor(ScreenPriv->SavedCursor, None);
ScreenPriv->SavedCursor = cursor;
return;
}
--
2.28.0
This diff is collapsed.
Click to expand it.
trunk/PKGBUILD
+
6
−
2
View file @
8f0c0d2d
...
...
@@ -20,7 +20,7 @@ pkgname=(
'xorg-server-common'
'xorg-server-devel'
)
pkgver
=
1.20.
8
pkgver
=
1.20.
9
pkgrel
=
3
url
=
"https://xorg.freedesktop.org/releases/individual/xserver"
...
...
@@ -30,7 +30,8 @@ source=("${url}/${pkgbase}-${pkgver}.tar.bz2"{,.sig}
'0002-fix-libshadow-2.patch'
'xvfb-run'
## with updates from FC master
'xvfb-run.1'
'Xwrapper.config'
)
'Xwrapper.config'
'0001-xfree86-Take-second-reference-for-SavedCursor-in-xf8.patch'
)
#-------------------------------------| BUILD CONFIGURATION |-----------------------------------
...
...
@@ -80,6 +81,9 @@ prepare() {
## Fix libshadow.so: libfb.so => not found - FS#58731
patch
-Np1
-i
../0002-fix-libshadow-2.patch
# Fix FS#67774 - merged upstream
patch
-Np1
-i
../0001-xfree86-Take-second-reference-for-SavedCursor-in-xf8.patch
}
#--------------------------------------------| BUILD |------------------------------------------
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
