2004-10-25 22:09:16 +01:00
|
|
|
/*
|
|
|
|
* (C) Copyright IBM Corporation 2004
|
|
|
|
* All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a
|
|
|
|
* copy of this software and associated documentation files (the "Software"),
|
|
|
|
* to deal in the Software without restriction, including without limitation
|
|
|
|
* on the rights to use, copy, modify, merge, publish, distribute, sub
|
|
|
|
* license, and/or sell copies of the Software, and to permit persons to whom
|
|
|
|
* the Software is furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice (including the next
|
|
|
|
* paragraph) shall be included in all copies or substantial portions of the
|
|
|
|
* Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* IBM AND/OR THEIR SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
|
|
* DEALINGS IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \file glx_query.c
|
|
|
|
* Generic utility functions to query internal data from the server.
|
2009-08-12 11:41:22 +01:00
|
|
|
*
|
2004-10-25 22:09:16 +01:00
|
|
|
* \author Ian Romanick <idr@us.ibm.com>
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "glxclient.h"
|
|
|
|
|
2008-10-18 15:53:08 +01:00
|
|
|
# include <X11/Xlib-xcb.h>
|
|
|
|
# include <xcb/xcb.h>
|
|
|
|
# include <xcb/glx.h>
|
|
|
|
|
2008-11-03 17:31:22 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Exchange a protocol request for glXQueryServerString.
|
|
|
|
*/
|
|
|
|
char *
|
2021-04-22 23:39:41 +01:00
|
|
|
__glXQueryServerString(Display * dpy, CARD32 screen, CARD32 name)
|
2008-11-03 17:31:22 +00:00
|
|
|
{
|
|
|
|
xcb_connection_t *c = XGetXCBConnection(dpy);
|
2009-08-12 11:41:22 +01:00
|
|
|
xcb_glx_query_server_string_reply_t *reply =
|
2008-11-03 17:31:22 +00:00
|
|
|
xcb_glx_query_server_string_reply(c,
|
|
|
|
xcb_glx_query_server_string(c,
|
|
|
|
screen,
|
|
|
|
name),
|
|
|
|
NULL);
|
|
|
|
|
glx: Fix SEGV due to dereferencing a NULL ptr from XCB-GLX.
When run in optirun, applications that linked to `libGLX.so` and then
proceeded to querying Mesa for extension strings caused a SEGV in Mesa.
`glXQueryExtensionsString` was calling a chain of functions that
eventually led to `__glXQueryServerString`. This function would call
`xcb_glx_query_server_string` then `xcb_glx_query_server_string_reply`.
The latter for some unknown reason returned `NULL`. Passing this `NULL`
to `xcb_glx_query_server_string_string_length` would cause a SEGV as the
function tried to dereference it.
The reason behind the function returning `NULL` is yet to be determined,
however, simply checking that the ptr is not `NULL` resolves this. A
similar check has been added to `__glXGetString` for completeness sake,
although not immediately necessary.
In addition to that, we stumbled into a similar problem in
`AllocAndFetchScreenConfigs` which tries to access the configs to free
them if `__glXQueryServerString` fails. This, of course, SEGVs, because the
configs are yet to have been allocated. Simply continuing past the configs
if their config ptrs are `NULL` resolves this. We also switch to `calloc`
to make sure that the config ptrs are `NULL` by default, and not some
uninitialized value.
Cc: mesa-stable@lists.freedesktop.org
Fixes: 24b8a8cfe821 "glx: implement __glXGetString, hide __glXGetStringFromServer"
Fixes: cb3610e37c4c "Import the GLX client side library, formerly from xc/lib/GL/glx. Build it "
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Hal Gentz <zegentzy@protonmail.com>
2019-07-25 22:40:50 +01:00
|
|
|
if (!reply)
|
|
|
|
return NULL;
|
|
|
|
|
2008-11-03 17:31:22 +00:00
|
|
|
/* The spec doesn't mention this, but the Xorg server replies with
|
|
|
|
* a string already terminated with '\0'. */
|
|
|
|
uint32_t len = xcb_glx_query_server_string_string_length(reply);
|
2012-09-05 06:52:36 +01:00
|
|
|
char *buf = malloc(len);
|
2008-11-03 17:31:22 +00:00
|
|
|
memcpy(buf, xcb_glx_query_server_string_string(reply), len);
|
|
|
|
free(reply);
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Exchange a protocol request for glGetString.
|
|
|
|
*/
|
|
|
|
char *
|
2021-04-22 23:39:41 +01:00
|
|
|
__glXGetString(Display * dpy, CARD32 contextTag, CARD32 name)
|
2008-11-03 17:31:22 +00:00
|
|
|
{
|
|
|
|
xcb_connection_t *c = XGetXCBConnection(dpy);
|
2009-08-12 11:41:22 +01:00
|
|
|
xcb_glx_get_string_reply_t *reply = xcb_glx_get_string_reply(c,
|
|
|
|
xcb_glx_get_string
|
|
|
|
(c,
|
|
|
|
contextTag,
|
|
|
|
name),
|
|
|
|
NULL);
|
2008-11-03 17:31:22 +00:00
|
|
|
|
glx: Fix SEGV due to dereferencing a NULL ptr from XCB-GLX.
When run in optirun, applications that linked to `libGLX.so` and then
proceeded to querying Mesa for extension strings caused a SEGV in Mesa.
`glXQueryExtensionsString` was calling a chain of functions that
eventually led to `__glXQueryServerString`. This function would call
`xcb_glx_query_server_string` then `xcb_glx_query_server_string_reply`.
The latter for some unknown reason returned `NULL`. Passing this `NULL`
to `xcb_glx_query_server_string_string_length` would cause a SEGV as the
function tried to dereference it.
The reason behind the function returning `NULL` is yet to be determined,
however, simply checking that the ptr is not `NULL` resolves this. A
similar check has been added to `__glXGetString` for completeness sake,
although not immediately necessary.
In addition to that, we stumbled into a similar problem in
`AllocAndFetchScreenConfigs` which tries to access the configs to free
them if `__glXQueryServerString` fails. This, of course, SEGVs, because the
configs are yet to have been allocated. Simply continuing past the configs
if their config ptrs are `NULL` resolves this. We also switch to `calloc`
to make sure that the config ptrs are `NULL` by default, and not some
uninitialized value.
Cc: mesa-stable@lists.freedesktop.org
Fixes: 24b8a8cfe821 "glx: implement __glXGetString, hide __glXGetStringFromServer"
Fixes: cb3610e37c4c "Import the GLX client side library, formerly from xc/lib/GL/glx. Build it "
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Hal Gentz <zegentzy@protonmail.com>
2019-07-25 22:40:50 +01:00
|
|
|
if (!reply)
|
|
|
|
return NULL;
|
|
|
|
|
2008-11-03 17:31:22 +00:00
|
|
|
/* The spec doesn't mention this, but the Xorg server replies with
|
|
|
|
* a string already terminated with '\0'. */
|
|
|
|
uint32_t len = xcb_glx_get_string_string_length(reply);
|
2012-09-05 06:52:36 +01:00
|
|
|
char *buf = malloc(len);
|
2008-11-03 17:31:22 +00:00
|
|
|
memcpy(buf, xcb_glx_get_string_string(reply), len);
|
|
|
|
free(reply);
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|