[mutter] wayland: Seal SHM buffers before access
- From: Jasper St. Pierre <jstpierre src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [mutter] wayland: Seal SHM buffers before access
- Date: Sat, 10 Jan 2015 00:39:49 +0000 (UTC)
commit b6d070b06f895c57dc6eae05934acd73b86e22c8
Author: Marek Chalupa <mchqwerty gmail com>
Date: Fri Jan 9 16:09:23 2015 +0100
wayland: Seal SHM buffers before access
If wayland client lies about size of given buffer, compositor could touch bad
memory and get SIGBUS. Wayland provides simple API to fix it - so fix it!
[1] http://cgit.freedesktop.org/wayland/wayland/tree/src/wayland-server.h#n416
[2] http://lists.freedesktop.org/archives/wayland-devel/2013-November/012159.html
Signed-off-by: Marek Chalupa <mchqwerty gmail com>
https://bugzilla.gnome.org/show_bug.cgi?id=727893
src/backends/meta-cursor.c | 4 ++++
src/wayland/meta-wayland-buffer.c | 14 ++++++++++++++
2 files changed, 18 insertions(+), 0 deletions(-)
---
diff --git a/src/backends/meta-cursor.c b/src/backends/meta-cursor.c
index edab7d9..7c51ef0 100644
--- a/src/backends/meta-cursor.c
+++ b/src/backends/meta-cursor.c
@@ -317,6 +317,8 @@ meta_cursor_image_load_from_buffer (MetaCursorImage *image,
{
int rowstride = wl_shm_buffer_get_stride (shm_buffer);
+ wl_shm_buffer_begin_access (shm_buffer);
+
switch (wl_shm_buffer_get_format (shm_buffer))
{
#if G_BYTE_ORDER == G_BIG_ENDIAN
@@ -344,6 +346,8 @@ meta_cursor_image_load_from_buffer (MetaCursorImage *image,
(uint8_t *) wl_shm_buffer_get_data (shm_buffer),
width, height, rowstride,
gbm_format);
+
+ wl_shm_buffer_end_access (shm_buffer);
}
else
{
diff --git a/src/wayland/meta-wayland-buffer.c b/src/wayland/meta-wayland-buffer.c
index 40db3b0..f2cf1e7 100644
--- a/src/wayland/meta-wayland-buffer.c
+++ b/src/wayland/meta-wayland-buffer.c
@@ -91,13 +91,23 @@ meta_wayland_buffer_ensure_texture (MetaWaylandBuffer *buffer)
CoglContext *ctx = clutter_backend_get_cogl_context (clutter_get_default_backend ());
CoglError *catch_error = NULL;
CoglTexture *texture;
+ struct wl_shm_buffer *shm_buffer;
if (buffer->texture)
goto out;
+ shm_buffer = wl_shm_buffer_get (buffer->resource);
+
+ if (shm_buffer)
+ wl_shm_buffer_begin_access (shm_buffer);
+
texture = COGL_TEXTURE (cogl_wayland_texture_2d_new_from_buffer (ctx,
buffer->resource,
&catch_error));
+
+ if (shm_buffer)
+ wl_shm_buffer_end_access (shm_buffer);
+
if (!texture)
{
cogl_error_free (catch_error);
@@ -124,6 +134,8 @@ meta_wayland_buffer_process_damage (MetaWaylandBuffer *buffer,
n_rectangles = cairo_region_num_rectangles (region);
+ wl_shm_buffer_begin_access (shm_buffer);
+
for (i = 0; i < n_rectangles; i++)
{
cairo_rectangle_int_t rect;
@@ -133,5 +145,7 @@ meta_wayland_buffer_process_damage (MetaWaylandBuffer *buffer,
shm_buffer,
rect.x, rect.y, 0, NULL);
}
+
+ wl_shm_buffer_end_access (shm_buffer);
}
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]