rpms/xorg-x11-server
6
0
Fork 0
Code Issues Pull Requests Releases Activity
72455413e3
xorg-x11-server/0001-glx-check-for-indirect-context-in-CreateContextAttri.patch
Olivier Fourdan b25ac7f75c Patches from upstream for Xwayland
2018-09-10 16:45:51 +02:00

61 lines
2.2 KiB
Diff
Raw Blame History

From 2881ce563661043ef0ee1163c63c120f3622e6d1 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 5 Sep 2018 15:06:55 +0200
Subject: [PATCH xserver] glx: check for indirect context in
CreateContextAttribsARB()
Commit 99f0365b "Add a command line argument for disabling indirect GLX"
added a test to check if indirect context are enabled in
`DoCreateContext()` but `__glXDisp_CreateContextAttribsARB()` doesn't
use `DoCreateContext()` and doesn't check if indirect context is
enabled.
As a result, clients can still manage to create indirect contexts using
`glXCreateContextAttribsARB()` even if indirect contexts are disabled,
which can possibly crash Xservers such as Xwayland or Xephyr when the
context is destroyed.
To avoid the issue, check for `enableIndirectGLX` in
`__glXDisp_CreateContextAttribsARB()` as well.
Fixes: 99f0365b "Add a command line argument for disabling indirect GLX"
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107508
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
---
glx/createcontext.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/glx/createcontext.c b/glx/createcontext.c
index 7d09c3a1c..24b02ddfb 100644
--- a/glx/createcontext.c
+++ b/glx/createcontext.c
@@ -28,6 +28,7 @@
#include "glxserver.h"
#include "glxext.h"
#include "indirect_dispatch.h"
+#include "opaque.h"
#define ALL_VALID_FLAGS \
(GLX_CONTEXT_DEBUG_BIT_ARB | GLX_CONTEXT_FORWARD_COMPATIBLE_BIT_ARB \
@@ -320,6 +321,17 @@ __glXDisp_CreateContextAttribsARB(__GLXclientState * cl, GLbyte * pc)
err = BadAlloc;
}
else {
+ /* Only allow creating indirect GLX contexts if allowed by
+ * server command line. Indirect GLX is of limited use (since
+ * it's only GL 1.4), it's slower than direct contexts, and
+ * it's a massive attack surface for buffer overflow type
+ * errors.
+ */
+ if (!enableIndirectGLX) {
+ client->errorValue = req->isDirect;
+ return BadValue;
+ }
+
ctx = glxScreen->createContext(glxScreen, config, shareCtx,
req->numAttribs, (uint32_t *) attribs,
&err);
--
2.19.0.rc1
Reference in New Issue View Git Blame Copy Permalink