head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.14
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.12
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.10
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.8
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.6
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.4
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.2
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.1.0.8
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.6
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.4
	pkgsrc-2008Q1:1.1.0.2
	pkgsrc-2008Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2008.09.18.20.56.01;	author bjs;	state dead;
branches;
next	1.1;

1.1
date	2008.02.25.15.39.16;	author joerg;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Welcome to modular-xorg-server-1.4.2.

This long-overdue update brings many improvements:
  - Many improvements to EXA
  - Input Hotplugging via HAL or dbus (not enabled yet)
  - Support for RandR 1.2.  Users using a dual-head configuration are
    encouraged to see <http://www.x.org/wiki/Projects/XRandR> for more
    information.
  - The server now uses the same version of Mesa we have in pkgsrc;
    this likely will result in more reliable OpenGL/DRI operation.

I realize that this server is still not the latest release (1.5.0);
upgrading to that version will require an involved mesa update,
libpciaccess, etc.  I hope that by the next quarter, that work will be done.

Please file a problem report and/or contact us via the usual means
(mailing lists, etc.) should you encounter any issues.
@
text
@$NetBSD: patch-ec,v 1.1 2008/02/25 15:39:16 joerg Exp $

--- Xext/sampleEVI.c.orig	2006-09-18 08:04:17.000000000 +0200
+++ Xext/sampleEVI.c
@@@@ -35,6 +35,13 @@@@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #include <X11/extensions/XEVIstr.h>
 #include "EVIstruct.h"
 #include "scrnintstr.h"
+
+#if HAVE_STDINT_H
+#include <stdint.h>
+#elif !defined(UINT32_MAX)
+#define UINT32_MAX 0xffffffffU
+#endif
+
 static int sampleGetVisualInfo(
     VisualID32 *visual,
     int n_visual,
@@@@ -43,24 +50,36 @@@@ static int sampleGetVisualInfo(
     VisualID32 **conflict_rn,
     int *n_conflict_rn)
 {
-    int max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens;
+    unsigned int max_sz_evi;
     VisualID32 *temp_conflict;
     xExtendedVisualInfo *evi;
-    int max_visuals = 0, max_sz_conflict, sz_conflict = 0;
+    unsigned int max_visuals = 0, max_sz_conflict, sz_conflict = 0;
     register int visualI, scrI, sz_evi = 0, conflictI, n_conflict;
-    *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi);
-    if (!*evi_rn)
-         return BadAlloc;
+
+    if (n_visual > UINT32_MAX/(sz_xExtendedVisualInfo * screenInfo.numScreens))
+	return BadAlloc;
+    max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens;
+    
     for (scrI = 0; scrI < screenInfo.numScreens; scrI++) {
         if (screenInfo.screens[scrI]->numVisuals > max_visuals)
             max_visuals = screenInfo.screens[scrI]->numVisuals;
     }
+
+    if (n_visual > UINT32_MAX/(sz_VisualID32 * screenInfo.numScreens 
+			       * max_visuals)) 
+	return BadAlloc;
     max_sz_conflict = n_visual * sz_VisualID32 * screenInfo.numScreens * max_visuals;
+
+    *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi);
+    if (!*evi_rn)
+         return BadAlloc;
+
     temp_conflict = (VisualID32 *)xalloc(max_sz_conflict);
     if (!temp_conflict) {
         xfree(*evi_rn);
         return BadAlloc;
     }
+
     for (scrI = 0; scrI < screenInfo.numScreens; scrI++) {
         for (visualI = 0; visualI < n_visual; visualI++) {
 	    evi[sz_evi].core_visual_id = visual[visualI];
@


1.1
log
@modular-xorg-server-1.3.0nb5:
Fix a number of buffer-overflows, privacy-leaks and memory corruptions.
@
text
@d1 1
a1 1
$NetBSD$
@