Version in base suite: 3.5.99.19-3 Base version: nx-libs_3.5.99.19-3 Target version: nx-libs_3.5.99.19-3+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/nx-libs/nx-libs_3.5.99.19-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/n/nx-libs/nx-libs_3.5.99.19-3+deb10u1.dsc changelog | 30 ++ patches/0012_xkb-initialize-tsyms.patch | 41 +++ patches/0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch | 58 ++++ patches/0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch | 68 +++++ patches/0015_Keyboard.c-nullify-freed-pointers.patch | 41 +++ patches/0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch | 82 ++++++ patches/0018_Screen.c-fix-another-memory-leak.patch | 69 +++++ patches/0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch | 68 +++++ patches/0023_glxext.c-fix-another-memory-leak.patch | 47 +++ patches/0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch | 129 ++++++++++ patches/0027_Keyboard.c-fix-three-memory-leaks.patch | 40 +++ patches/0028_Quarks.c-add-missing.patch | 25 + patches/0029_dix-dispatch-fix-a-small-memory-leak.patch | 22 + patches/0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch | 48 +++ patches/0031_render-Propagate-allocation-failure-from-createSourc.patch | 47 +++ patches/0032_NXrender-fix-another-memleak.patch | 29 ++ patches/0033_Screen.c-fix-two-memleaks.patch | 79 ++++++ patches/0034_Screen.c-fix-two-more-memleaks-of-visuals.patch | 32 ++ patches/0036_os-access.c-add-missing.patch | 24 + patches/0038_NXdixfonts.c-fix-index-out-of-bounds.patch | 34 ++ patches/0041_compext-Png.c-Nullify-after-free.patch | 22 + patches/0042_mi-miexpose.c-add-missing-free.patch | 22 + patches/0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch | 35 ++ patches/0050_Keyboard.c-fix-another-cppcheck-finding.patch | 28 ++ patches/series | 31 ++ 25 files changed, 1147 insertions(+), 4 deletions(-) diff -Nru nx-libs-3.5.99.19/debian/changelog 
nx-libs-3.5.99.19/debian/changelog --- nx-libs-3.5.99.19/debian/changelog 2019-05-24 20:27:02.000000000 +0000 +++ nx-libs-3.5.99.19/debian/changelog 2019-06-22 09:49:12.000000000 +0000 
@@ -1,3 +1,33 @@ +nx-libs (2:3.5.99.19-3+deb10u1) buster; urgency=medium + + * Patch backport of upstream's memleak-hunt... + * debian/patches: + + Add 0012_xkb-initialize-tsyms.patch + + Add 0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch + + Add 0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch + + Add 0015_Keyboard.c-nullify-freed-pointers.patch + + Add 0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch + + Add 0018_Screen.c-fix-another-memory-leak.patch + + Add 0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch + + Add 0023_glxext.c-fix-another-memory-leak.patch + + Add 0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch + + Add 0027_Keyboard.c-fix-three-memory-leaks.patch + + Add 0028_Quarks.c-add-missing.patch + + Add 0029_dix-dispatch-fix-a-small-memory-leak.patch + + Add 0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch + + Add 0031_render-Propagate-allocation-failure-from-createSourc.patch + + Add 0032_NXrender-fix-another-memleak.patch + + Add 0033_Screen.c-fix-two-memleaks.patch + + Add 0034_Screen.c-fix-two-more-memleaks-of-visuals.patch + + Add 0036_os-access.c-add-missing.patch + + Add 0038_NXdixfonts.c-fix-index-out-of-bounds.patch + + Add 0041_compext-Png.c-Nullify-after-free.patch + + Add 0042_mi-miexpose.c-add-missing-free.patch + + Add 0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch + + Add 0050_Keyboard.c-fix-another-cppcheck-finding.patch + + -- Mike Gabriel Sat, 22 Jun 2019 11:49:12 +0200 + nx-libs (2:3.5.99.19-3) unstable; urgency=medium * debian/patches (cherry-picked from upstream): diff -Nru nx-libs-3.5.99.19/debian/patches/0012_xkb-initialize-tsyms.patch nx-libs-3.5.99.19/debian/patches/0012_xkb-initialize-tsyms.patch --- nx-libs-3.5.99.19/debian/patches/0012_xkb-initialize-tsyms.patch 1970-01-01 00:00:00.000000000 +0000 +++ nx-libs-3.5.99.19/debian/patches/0012_xkb-initialize-tsyms.patch 2019-06-22 09:34:03.000000000 +0000 
@@ -0,0 +1,41 @@
+From 308824ba96b8752835e15dedf2bc0e1cd7c1ddaa Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 13 Jun 2019 22:56:45 +0200
+Subject: [PATCH 12/53] xkb: initialize tsyms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Backport of this commit:
+
+ commit b2167015043a458e9cf93b827b43eb5b7c552ce9
+ Author: Giuseppe Bilotta
+ Date: Sat Nov 4 23:06:27 2017 +0100
+
+ xkb: initialize tsyms
+
+ This fixes some “Conditional jump depends on uninitialized value(s)”
+ errors spotted by valgrind.
+
+ Reviewed-by: Eric Engestrom
+ Signed-off-by: Giuseppe Bilotta
+---
+ nx-X11/programs/Xserver/xkb/xkbUtils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nx-X11/programs/Xserver/xkb/xkbUtils.c b/nx-X11/programs/Xserver/xkb/xkbUtils.c
+index 21a5ce76a..a545f06eb 100644
+--- a/nx-X11/programs/Xserver/xkb/xkbUtils.c
++++ b/nx-X11/programs/Xserver/xkb/xkbUtils.c
+@@ -187,7 +187,7 @@ XkbDescPtr xkb;
+ unsigned key,nG,explicit;
+ KeySymsPtr pCore;
+ int types[XkbNumKbdGroups];
+-KeySym tsyms[XkbMaxSymsPerKey],*syms;
++KeySym tsyms[XkbMaxSymsPerKey] = {NoSymbol},*syms;
+ XkbMapChangesPtr mc;
+
+ xkb= pXDev->key->xkbInfo->desc;
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch nx-libs-3.5.99.19/debian/patches/0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch
--- nx-libs-3.5.99.19/debian/patches/0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch 2019-06-22 09:46:44.000000000 +0000
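Review bot: `= {NoSymbol}` names only the first element of `tsyms`; the remaining entries are zero-filled by the C initializer rule, which gives the intended value only because NoSymbol is 0. A short comment on the declaration, e.g. `/* every entry starts as NoSymbol (0) */`, would make that dependency visible to the next reader. The declaration sits in a function whose body lies outside the hunk.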
@@ -0,0 +1,58 @@
+From 0f8dbbab2a218269165f06de37db59b5a20f09ea Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Fri, 14 Jun 2019 00:14:17 +0200
+Subject: [PATCH 13/53] Screen.c: correctly free stuff in nxagentCloseScreen
+
+fixes a memory leak:
+
+==19074== 2 bytes in 1 blocks are definitely lost in loss record 8 of 313
+==19074== at 0x483577F: malloc (vg_replace_malloc.c:299)
+==19074== by 0x1FD83D: fbAllocatePrivates (fballpriv.c:79)
+==19074== by 0x20A666: fbSetupScreen (fbscreen.c:110)
+==19074== by 0x20A666: fbScreenInit (fbscreen.c:300)
+==19074== by 0x1DEA4C: nxagentOpenScreen (Screen.c:1356)
+==19074== by 0x16D7F8: AddScreen (dispatch.c:4257)
+==19074== by 0x1DA0CF: InitOutput (Init.c:397)
+==19074== by 0x14DCC2: main (main.c:280)
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -2130,20 +2130,32 @@
+ fprintf(stderr, "running nxagentCloseScreen()\n");
+ #endif
+
++ /*
++ * We have called fbScreenInit() in nxagenOpenScreen, which in turn
++ * called fbOpenScreen. But we are not using the data as created by
++ * fbOpenScreen but have freed it and replaced by our own. So we free
++ * our own stuff here and take care that fbCloseScreen will not free
++ * them again.
++ */
++
+ for (i = 0; i < pScreen->numDepths; i++)
+ {
+ free(pScreen->allowedDepths[i].vids);
++ pScreen->allowedDepths[i].vids = NULL;
+ }
+
++ pScreen->numDepths = 0;
++
+ /*
+ * Free the frame buffer.
+ */
+
+ free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr);
++ free(pScreen->devPrivate);pScreen->devPrivate = NULL;
++ free(pScreen->allowedDepths); pScreen->allowedDepths = NULL;
++ free(pScreen->visuals); pScreen->visuals = NULL;
+
+- free(pScreen->allowedDepths);
+- free(pScreen->visuals);
+- free(pScreen->devPrivate);
++ fbCloseScreen(pScreen);
+
+ /*
+ * Reset the geometry and alpha information
diff -Nru nx-libs-3.5.99.19/debian/patches/0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch nx-libs-3.5.99.19/debian/patches/0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch
--- nx-libs-3.5.99.19/debian/patches/0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch 2019-06-22 09:34:03.000000000 +0000
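Review bot: The unchanged line `free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr);` dereferences `pScreen->devPrivate` without a check, and this hunk now sets that pointer to NULL a line later, so a second pass through nxagentCloseScreen for the same screen would dereference NULL rather than free twice. Whether the function can run twice is not visible here, but the frame-buffer free is the one free in the block that is not safe to repeat; a guard such as `if (pScreen->devPrivate) free(((PixmapPtr)pScreen->devPrivate)->devPrivate.ptr);` closes that gap. The return value of `fbCloseScreen(pScreen)` is also dropped, and the added comment misspells nxagentOpenScreen as "nxagenOpenScreen". The function starts and ends outside the hunk.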
@@ -0,0 +1,68 @@
+From 3b06ad51d91ff2b9442f159cddf34ed03bc2dd35 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Mon, 17 Jun 2019 16:06:02 +0200
+Subject: [PATCH 14/53] Screen.c: Fix: make sure RRCloseScreen is being called
+
+Fixes ArcticaProject/nx-libs#598
+
+In nxagentOpenScreen we first initialized the RRExtension for the
+screen and then replaced pScreen->CloseScreen by
+nxagentCloseScreen. This resulted in RandR's RRCloseScreen (and any
+other CloseScreen procedure installed by extensions) being no longer
+called.
+
+Moving RandR init after configuring pScreen->CloseScreen ensures the
+correct calling cascade:
+
+RRCloseScreen -> nxagentCloseScreen ->fbCloseScreen (called explicitly
+by nxagentCloseScreen).
+
+Which in turn will fix this memory leak:
+
+==9688== 328 (312 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 271 of 319
+==9688== at 0x4837B65: calloc (vg_replace_malloc.c:752)
+==9688== by 0x4ED2C6: RRScreenInit (randr.c:329)
+==9688== by 0x1F2B18: nxagentInitRandRExtension (Extensions.c:122)
+==9688== by 0x1DEAFF: nxagentOpenScreen (Screen.c:1409)
+==9688== by 0x16D7F8: AddScreen (dispatch.c:4257)
+==9688== by 0x1DA0CF: InitOutput (Init.c:397)
+==9688== by 0x14DCC2: main (main.c:280)
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/Screen.c b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+index 7d180da44..84ef9c4a4 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -1401,13 +1401,6 @@ Bool nxagentOpenScreen(ScreenPtr pScreen,
+ pScreen -> rootVisual = defaultVisual;
+ pScreen -> rootDepth = rootDepth;
+
+- /*
+- * Complete the initialization of the RANDR
+- * extension.
+- */
+-
+- nxagentInitRandRExtension(pScreen);
+-
+ /*
+ * Set up the internal structures used for
+ * tracking the proxy resources associated
+@@ -1694,6 +1687,13 @@ N/A
+ nxagentOption(Height)) / 32)
+ }
+
++ /*
++ * Complete the initialization of the RANDR
++ * extension.
++ */
++
++ nxagentInitRandRExtension(pScreen);
++
+ #ifdef TEST
+ nxagentPrintAgentGeometry(NULL, "nxagentOpenScreen:");
+ #endif
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0015_Keyboard.c-nullify-freed-pointers.patch nx-libs-3.5.99.19/debian/patches/0015_Keyboard.c-nullify-freed-pointers.patch
--- nx-libs-3.5.99.19/debian/patches/0015_Keyboard.c-nullify-freed-pointers.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0015_Keyboard.c-nullify-freed-pointers.patch 2019-06-22 09:46:49.000000000 +0000
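Review bot: The comment carried along with the relocated `nxagentInitRandRExtension(pScreen);` call in the second hunk still says only "Complete the initialization of the RANDR extension" and does not record that the call's position is now load-bearing. The commit message explains that RandR must wrap `pScreen->CloseScreen` after nxagentCloseScreen is installed, but nothing at the call site stops a later cleanup from moving it back up. I would extend the comment along the lines of `/* Must stay after pScreen->CloseScreen = nxagentCloseScreen so that RRCloseScreen wraps it and is called on shutdown. */`. The CloseScreen assignment itself lies between the two hunks and is not visible here; nxagentOpenScreen continues outside both.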
@@ -0,0 +1,41 @@
+From 340de78e26e7837561909ae2a44c2ef85863d87b Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Mon, 17 Jun 2019 17:31:32 +0200
+Subject: [PATCH 15/53] Keyboard.c: nullify freed pointers
+
+While trying to properly free memory allocated by XKB I accidently
+called nxagentFreeKeyboardDeviceData twice and noticed it would cause
+a segfault here. As the other pointers are also nullified after
+being freed let's just do it here, too.
+---
+ nx-X11/programs/Xserver/hw/nxagent/Keyboard.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
+@@ -1320,14 +1320,18 @@
+ dev->focus = NULL;
+ }
+
+- for (k = dev->kbdfeed; k; k = knext)
++ if (dev->kbdfeed)
+ {
+- knext = k->next;
+- #ifdef XKB
+- if (k->xkb_sli)
+- XkbFreeSrvLedInfo(k->xkb_sli);
+- #endif
+- free(k);
++ for (k = dev->kbdfeed; k; k = knext)
++ {
++ knext = k->next;
++ #ifdef XKB
++ if (k->xkb_sli)
++ XkbFreeSrvLedInfo(k->xkb_sli);
++ #endif
++ free(k);
++ }
++ dev->kbdfeed = NULL;
+ }
+
+ #ifdef DEBUG
diff -Nru nx-libs-3.5.99.19/debian/patches/0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch nx-libs-3.5.99.19/debian/patches/0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch
--- nx-libs-3.5.99.19/debian/patches/0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch 2019-06-22 09:46:52.000000000 +0000
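Review bot: The new `if (dev->kbdfeed)` wrapper adds nothing, because the `for (k = dev->kbdfeed; k; k = knext)` loop already does no work when the list head is NULL; the line that prevents the second-call crash is `dev->kbdfeed = NULL;`. Keeping the original loop and adding that single line after it would give the same protection as a one-line patch and avoid re-indenting the loop body, which makes the backport harder to compare with the old code. The enclosing function starts and ends outside the hunk.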
@@ -0,0 +1,82 @@
+From 4dd1f3cbdff984ff55bc2f88c64b2544c8d88148 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Mon, 17 Jun 2019 20:25:09 +0200
+Subject: [PATCH 17/53] Fix memleaks: Free devPrivates of devices on shutdown
+
+Fixes these two memory leaks identified by valgrind:
+
+==28336== 32 (8 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 180 of 308
+==28336== at 0x48356AF: malloc (vg_replace_malloc.c:298)
+==28336== by 0x4837DE7: realloc (vg_replace_malloc.c:826)
+==28336== by 0x1AE322: AllocateDevicePrivate (privates.c:439)
+==28336== by 0x27527B: XkbSetExtension (xkbActions.c:72)
+==28336== by 0x198E9B: _RegisterPointerDevice (devices.c:361)
+==28336== by 0x1DBA35: InitInput (Init.c:440)
+==28336== by 0x14DBD6: main (main.c:303)
+==28336==
+==28336== 32 (8 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 181 of 308
+==28336== at 0x48356AF: malloc (vg_replace_malloc.c:298)
+==28336== by 0x4837DE7: realloc (vg_replace_malloc.c:826)
+==28336== by 0x1AE322: AllocateDevicePrivate (privates.c:439)
+==28336== by 0x27527B: XkbSetExtension (xkbActions.c:72)
+==28336== by 0x198F1B: _RegisterKeyboardDevice (devices.c:384)
+==28336== by 0x1DBA3D: InitInput (Init.c:441)
+==28336== by 0x14DBD6: main (main.c:303)
+---
+ nx-X11/programs/Xserver/hw/nxagent/Keyboard.c | 9 ++++++++-
+ nx-X11/programs/Xserver/hw/nxagent/Pointer.c | 11 +++++++++--
+ 2 files changed, 17 insertions(+), 3 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
+@@ -1018,11 +1018,18 @@
+ break;
+
+ case DEVICE_CLOSE:
+-
+ #ifdef TEST
+ fprintf(stderr, "nxagentKeyboardProc: Called for [DEVICE_CLOSE].\n");
+ #endif
+
++ for (int i = 0; i < pDev->nPrivates; i++)
++ {
++ free(pDev->devPrivates[i].ptr);
++ pDev->devPrivates[i].ptr = NULL;
++ }
++ free(pDev->devPrivates);
++ pDev->devPrivates = NULL;
++
+ break;
+ }
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Pointer.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Pointer.c
+@@ -40,7 +40,7 @@
+ #include "X.h"
+ #include "Xproto.h"
+ #include "screenint.h"
+-#include "input.h"
++#include "inputstr.h"
+ #include "misc.h"
+ #include "scrnintstr.h"
+ #include "servermd.h"
+@@ -162,11 +162,18 @@
+ break;
+
+ case DEVICE_CLOSE:
+-
+ #ifdef TEST
+ fprintf(stderr, "nxagentPointerProc: Called for [DEVICE_CLOSE].\n");
+ #endif
+
++ for (int i = 0; i < pDev->nPrivates; i++)
++ {
++ free(pDev->devPrivates[i].ptr);
++ pDev->devPrivates[i].ptr = NULL;
++ }
++ free(pDev->devPrivates);
++ pDev->devPrivates = NULL;
++
+ break;
+ }
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0018_Screen.c-fix-another-memory-leak.patch nx-libs-3.5.99.19/debian/patches/0018_Screen.c-fix-another-memory-leak.patch
--- nx-libs-3.5.99.19/debian/patches/0018_Screen.c-fix-another-memory-leak.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0018_Screen.c-fix-another-memory-leak.patch 2019-06-22 09:34:03.000000000 +0000
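Review bot: `pDev->nPrivates` keeps its old value after `pDev->devPrivates` is freed and set to NULL in both DEVICE_CLOSE cases (Keyboard.c and Pointer.c), so any later loop bounded by `nPrivates`, including a second DEVICE_CLOSE on the same device, would index a NULL array. Whether anything touches the device privates after DEVICE_CLOSE is not visible in these hunks, but resetting the count is cheap: add `pDev->nPrivates = 0;` right after `pDev->devPrivates = NULL;` in both places. The two added blocks are identical and could live in one small static helper taking the device pointer. Both switch statements continue outside the hunks.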
@@ -0,0 +1,69 @@
+From 7564422263a10ec8992e538bb741b2ddb51dad82 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Mon, 17 Jun 2019 23:37:51 +0200
+Subject: [PATCH 18/53] Screen.c: fix another memory leak
+
+==12280== 0 bytes in 5 blocks are definitely lost in loss record 1 of 304
+==12280== at 0x483577F: malloc (vg_replace_malloc.c:299)
+==12280== by 0x2EFC29: init_visuals (xf86glx.c:489)
+==12280== by 0x2EFC29: __MESA_initVisuals (xf86glx.c:540)
+==12280== by 0x17C902: GlxInitVisuals (glxext.c:317)
+==12280== by 0x218C03: fbInitVisuals (fbcmap.c:668)
+==12280== by 0x20BC41: fbFinishScreenInit (fbscreen.c:229)
+==12280== by 0x20C005: fbScreenInit (fbscreen.c:273)
+==12280== by 0x1E024C: nxagentOpenScreen (Screen.c:1356)
+==12280== by 0x16D828: AddScreen (dispatch.c:4171)
+==12280== by 0x1DB7DF: InitOutput (Init.c:396)
+==12280== by 0x14DB12: main (main.c:279)
+==12280==
+==12280== 64 bytes in 2 blocks are definitely lost in loss record 223 of 304
+==12280== at 0x483577F: malloc (vg_replace_malloc.c:299)
+==12280== by 0x2EFA05: init_visuals (xf86glx.c:489)
+==12280== by 0x2EFA05: __MESA_initVisuals (xf86glx.c:540)
+==12280== by 0x17C902: GlxInitVisuals (glxext.c:317)
+==12280== by 0x218C03: fbInitVisuals (fbcmap.c:668)
+==12280== by 0x20BC41: fbFinishScreenInit (fbscreen.c:229)
+==12280== by 0x20C005: fbScreenInit (fbscreen.c:273)
+==12280== by 0x1E024C: nxagentOpenScreen (Screen.c:1356)
+==12280== by 0x16D828: AddScreen (dispatch.c:4171)
+==12280== by 0x1DB7DF: InitOutput (Init.c:396)
+==12280== by 0x14DB12: main (main.c:279)
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/Screen.c b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+index 84ef9c4a4..2fcb741db 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -1391,15 +1391,23 @@ Bool nxagentOpenScreen(ScreenPtr pScreen,
+ * by fbScreenInit with our own.
+ */
+
+- free(pScreen -> visuals);
++ for (int i = 0; i < pScreen->numDepths; i++)
++ {
++ #ifdef DEBUG
++ fprintf(stderr, "%s: depth [%d] index [%d] vids [%p]\n", __func__, pScreen->allowedDepths[i].depth, i, (void*) pScreen->allowedDepths[i].vids);
++ #endif
++ free(pScreen->allowedDepths[i].vids);
++ }
++
+ free(pScreen -> allowedDepths);
++ pScreen -> allowedDepths = depths;
++ pScreen -> numDepths = numDepths;
++ pScreen -> rootDepth = rootDepth;
+
++ free(pScreen -> visuals);
+ pScreen -> visuals = visuals;
+- pScreen -> allowedDepths = depths;
+ pScreen -> numVisuals = numVisuals;
+- pScreen -> numDepths = numDepths;
+ pScreen -> rootVisual = defaultVisual;
+- pScreen -> rootDepth = rootDepth;
+
+ /*
+ * Set up the internal structures used for
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch nx-libs-3.5.99.19/debian/patches/0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch
--- nx-libs-3.5.99.19/debian/patches/0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch 2019-06-22 09:46:56.000000000 +0000
@@ -0,0 +1,68 @@
+From 5cb497146091acf84f389f6b459f5d2f8ea86643 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Tue, 18 Jun 2019 18:57:17 +0200
+Subject: [PATCH 19/53] mi/miinitext.c: fix memleaks: remove (double) glx
+ initialization
+
+Fix these memory leaks:
+
+==30021== 128 bytes in 1 blocks are definitely lost in loss record 230 of 302
+==30021== at 0x483577F: malloc (vg_replace_malloc.c:299)
+==30021== by 0x2EF89C: init_visuals (xf86glx.c:390)
+==30021== by 0x2EF89C: __MESA_initVisuals (xf86glx.c:541)
+==30021== by 0x17C922: GlxInitVisuals (glxext.c:317)
+==30021== by 0x218E73: fbInitVisuals (fbcmap.c:668)
+==30021== by 0x20BEB1: fbFinishScreenInit (fbscreen.c:229)
+==30021== by 0x20C275: fbScreenInit (fbscreen.c:273)
+==30021== by 0x1E0317: nxagentOpenScreen (Screen.c:1357)
+==30021== by 0x16D848: AddScreen (dispatch.c:4171)
+==30021== by 0x1DB7FF: InitOutput (Init.c:396)
+==30021== by 0x14DB12: main (main.c:279)
+==30021==
+==30021== 3,072 (192 direct, 2,880 indirect) bytes in 1 blocks are definitely lost in loss record 290 of 302
+==30021== at 0x483577F: malloc (vg_replace_malloc.c:299)
+==30021== by 0x2CCCC7: _gl_context_modes_create (glcontextmodes.c:364)
+==30021== by 0x2EF87C: init_visuals (xf86glx.c:381)
+==30021== by 0x2EF87C: __MESA_initVisuals (xf86glx.c:541)
+==30021== by 0x17C922: GlxInitVisuals (glxext.c:317)
+==30021== by 0x218E73: fbInitVisuals (fbcmap.c:668)
+==30021== by 0x20BEB1: fbFinishScreenInit (fbscreen.c:229)
+==30021== by 0x20C275: fbScreenInit (fbscreen.c:273)
+==30021== by 0x1E0317: nxagentOpenScreen (Screen.c:1357)
+==30021== by 0x16D848: AddScreen (dispatch.c:4171)
+==30021== by 0x1DB7FF: InitOutput (Init.c:396)
+==30021== by 0x14DB12: main (main.c:279)
+
+The problem here is that GlxInitVisuals is called twice. First via
+fbScreenInit and then again via nxagentInitGlxExtension. We remove the
+first one to ensure the code in nxagenOpenScreen works as initially
+intended.
+
+There's an xorg upstream patch that does the same
+(7d74690536b64f7b8e8036507ab7790807349c50), but it also cleans up
+other stuff we do not even have in out source (yet?).
+---
+ nx-X11/programs/Xserver/mi/miinitext.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/nx-X11/programs/Xserver/mi/miinitext.c
++++ b/nx-X11/programs/Xserver/mi/miinitext.c
+@@ -231,7 +231,6 @@
+ */
+ #ifndef __DARWIN__
+ extern void GlxExtensionInit(void);
+-extern void GlxWrapInitVisuals(miInitVisualsProcPtr *);
+ #else
+ extern void DarwinGlxExtensionInit(void);
+ extern void DarwinGlxWrapInitVisuals(miInitVisualsProcPtr *);
+@@ -480,9 +479,7 @@
+ {
+ miResetInitVisuals();
+ #ifdef GLXEXT
+-#ifndef __DARWIN__
+- GlxWrapInitVisuals(&miInitVisualsProc);
+-#else
++#ifdef __DARWIN__
+ DarwinGlxWrapInitVisuals(&miInitVisualsProc);
+ #endif
+ #endif
diff -Nru nx-libs-3.5.99.19/debian/patches/0023_glxext.c-fix-another-memory-leak.patch nx-libs-3.5.99.19/debian/patches/0023_glxext.c-fix-another-memory-leak.patch
--- nx-libs-3.5.99.19/debian/patches/0023_glxext.c-fix-another-memory-leak.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0023_glxext.c-fix-another-memory-leak.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,47 @@
+From bffdacc48a6bd49e4ac1b4ce5d2fcc8eecdb811c Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Tue, 18 Jun 2019 23:36:45 +0200
+Subject: [PATCH 23/53] glxext.c: fix another memory leak
+
+==10226== 3,337 bytes in 1 blocks are definitely lost in loss record 295 of 307
+==10226== at 0x483577F: malloc (vg_replace_malloc.c:299)
+==10226== by 0x6281DB9: strdup (strdup.c:42)
+==10226== by 0x2ABA9E: __glXClientInfo (glxcmds.c:2170)
+==10226== by 0x17CA3E: __glXDispatch (NXglxext.c:128)
+==10226== by 0x16EE77: Dispatch (NXdispatch.c:476)
+==10226== by 0x14DCE0: main (main.c:353)
+
+There's no point in trying to free cl->* after memset(0).
+
+This one is a bug that is found identically in xorg upstream and has
+only been fixed during rework of the whole client resource freeing
+stuff. So we fix it in glxext.c.
+---
+ nx-X11/programs/Xserver/GL/glx/glxext.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/nx-X11/programs/Xserver/GL/glx/glxext.c b/nx-X11/programs/Xserver/GL/glx/glxext.c
+index e92e605fa..4f2d2082d 100644
+--- a/nx-X11/programs/Xserver/GL/glx/glxext.c
++++ b/nx-X11/programs/Xserver/GL/glx/glxext.c
+@@ -64,6 +64,7 @@ static void ResetClientState(int clientIndex)
+ if (cl->returnBuf) free(cl->returnBuf);
+ if (cl->largeCmdBuf) free(cl->largeCmdBuf);
+ if (cl->currentContexts) free(cl->currentContexts);
++ if (cl->GLClientextensions) free(cl->GLClientextensions);
+ memset(cl, 0, sizeof(__GLXclientState));
+ /*
+ ** By default, assume that the client supports
+@@ -71,9 +72,6 @@ static void ResetClientState(int clientIndex)
+ */
+ cl->GLClientmajorVersion = 1;
+ cl->GLClientminorVersion = 0;
+- if (cl->GLClientextensions)
+- free(cl->GLClientextensions);
+-
+ }
+
+ /*
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch nx-libs-3.5.99.19/debian/patches/0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch
--- nx-libs-3.5.99.19/debian/patches/0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,129 @@
+From 234be0245324b01676aff764b756248f4e57b45d Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Wed, 19 Jun 2019 23:10:40 +0200
+Subject: [PATCH 26/53] glyph.c: fix a read beyond end of heap buffer
+
+If compiled with -fsanitize=address this showed up when running startlxde:
+
+==11551==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d000018fbc at pc 0x7f270a9ed57b bp 0x7fff30ef3050 sp 0x7fff30ef2800
+READ of size 204 at 0x60d000018fbc thread T0
+ #0 0x7f270a9ed57a (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xb857a)
+ #1 0x559dafcd5c93 in FindGlyphRef ../../render/glyph.c:179
+ #2 0x559dafcd705d in AddGlyph /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c:71
+ #3 0x559dafccc0ff in ProcRenderAddGlyphs ../../mi/../render/render.c:1186
+ #4 0x559dafcbd5a5 in ProcRenderDispatch /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXrender.c:1689
+ #5 0x559dafcbc4ea in Dispatch /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c:476
+ #6 0x559dafc4e9b0 in main /work/nx-libs/nx-X11/programs/Xserver/dix/main.c:353
+ #7 0x7f2708e1d09a in __libc_start_main ../csu/libc-start.c:308
+ #8 0x559dafc4f5d9 in _start (/work/nx-libs/nx-X11/programs/Xserver/nxagent+0x6e5d9)
+
+0x60d000018fbc is located 0 bytes to the right of 140-byte region [0x60d000018f30,0x60d000018fbc)
+allocated by thread T0 here:
+ #0 0x7f270aa1e330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
+ #1 0x559dafcd646c in AllocateGlyph ../../render/glyph.c:348
+
+This happens when two glyphs are compared via memcmp and the smaller
+one happens to be identical to the beginning of the bigger one.
+
+Newer render implementations use a sha1 hash instead of memcmp so this
+patch will (hopefully) be obsolete once render gets updated.
+---
+ nx-X11/programs/Xserver/hw/nxagent/NXglyph.c | 61 ++++++++++++++++++++
+ nx-X11/programs/Xserver/render/glyph.c | 2 +
+ 2 files changed, 63 insertions(+)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c b/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c
+index 1f82e73dc..72d8242bd 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c
+@@ -59,6 +59,67 @@
+
+ #endif
+
++GlyphRefPtr
++FindGlyphRef (GlyphHashPtr hash, CARD32 signature, Bool match, GlyphPtr compare)
++{
++ CARD32 elt, step, s;
++ GlyphPtr glyph;
++ GlyphRefPtr table, gr, del;
++ CARD32 tableSize = hash->hashSet->size;
++
++ table = hash->table;
++ elt = signature % tableSize;
++ step = 0;
++ del = 0;
++ for (;;)
++ {
++ gr = &table[elt];
++ s = gr->signature;
++ glyph = gr->glyph;
++ if (!glyph)
++ {
++ if (del)
++ gr = del;
++ break;
++ }
++ if (glyph == DeletedGlyph)
++ {
++ if (!del)
++ del = gr;
++ else if (gr == del)
++ break;
++ }
++#ifdef NXAGENT_SERVER
++ else if (s == signature && match && glyph->size != compare->size)
++ {
++ /*
++ * if the glyphsize is different there's no need to do a memcmp
++ * because it will surely report difference. And even worse:
++ * it will read beyond the end of glyph under some
++ * circumstances, which can be detected when compiling with
++ * -fsanitize=address.
++ */
++ }
++#endif
++ else if (s == signature &&
++ (!match ||
++ memcmp (&compare->info, &glyph->info, compare->size) == 0))
++ {
++ break;
++ }
++ if (!step)
++ {
++ step = signature % hash->hashSet->rehash;
++ if (!step)
++ step = 1;
++ }
++ elt += step;
++ if (elt >= tableSize)
++ elt -= tableSize;
++ }
++ return gr;
++}
++
+ void
+ AddGlyph (GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
+ {
+diff --git a/nx-X11/programs/Xserver/render/glyph.c b/nx-X11/programs/Xserver/render/glyph.c
+index a379b505f..93aed401b 100644
+--- a/nx-X11/programs/Xserver/render/glyph.c
++++ b/nx-X11/programs/Xserver/render/glyph.c
+@@ -144,6 +144,7 @@ GlyphInit (ScreenPtr pScreen)
+ return TRUE;
+ }
+
++#ifndef NXAGENT_SERVER
+ GlyphRefPtr
+ FindGlyphRef (GlyphHashPtr hash, CARD32 signature, Bool match, GlyphPtr compare)
+ {
+@@ -192,6 +193,7 @@ FindGlyphRef (GlyphHashPtr hash, CARD32 signature, Bool match, GlyphPtr compare)
+ }
+ return gr;
+ }
++#endif
+
+ CARD32
+ HashGlyph (GlyphPtr glyph)
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0027_Keyboard.c-fix-three-memory-leaks.patch nx-libs-3.5.99.19/debian/patches/0027_Keyboard.c-fix-three-memory-leaks.patch
--- nx-libs-3.5.99.19/debian/patches/0027_Keyboard.c-fix-three-memory-leaks.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0027_Keyboard.c-fix-three-memory-leaks.patch 2019-06-22 09:47:00.000000000 +0000
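Review bot: The size guard in the new NXglyph.c copy of FindGlyphRef is an `else if` with an empty body, so the bounds check and the `memcmp` it protects live in two separate branches and only the branch order keeps the over-read from coming back. Folding the check into the comparison ties them together: `(!match || (glyph->size == compare->size && memcmp (&compare->info, &glyph->info, compare->size) == 0))`. The inner `#ifdef NXAGENT_SERVER` also looks redundant, since the render/glyph.c copy is compiled out under the same macro and this copy is presumably only built for nxagent. The length still comes from `compare->size`; the hunk does not show where that field is set, so it is worth confirming that it never exceeds what was allocated after `info` for either glyph.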
@@ -0,0 +1,40 @@
+From 6da1066109241d8c84cdb2b4674f4dd2a15c1a9c Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Wed, 19 Jun 2019 23:44:40 +0200
+Subject: [PATCH 27/53] Keyboard.c: fix three memory leaks
+
+==12976==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 6 byte(s) in 1 object(s) allocated from:
+ #0 0x7f510b3ac810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810)
+ #1 0x559ca29c5035 in nxagentKeyboardProc /home/uli/work/nx/ArcticaProject/nx-libs/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c:866
+ #2 0x7a29bff07 ()
+
+Direct leak of 1 byte(s) in 1 object(s) allocated from:
+ #0 0x7f510b3ac810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810)
+ #1 0x559ca29c509a in nxagentKeyboardProc /home/uli/work/nx/ArcticaProject/nx-libs/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c:870
+ #2 0x7a29bff07 ()
+
+Direct leak of 1 byte(s) in 1 object(s) allocated from:
+ #0 0x7f510b3ac810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810)
+ #1 0x559ca29c507f in nxagentKeyboardProc /home/uli/work/nx/ArcticaProject/nx-libs/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c:869
+ #2 0x7a29bff07 ()
+
+SUMMARY: AddressSanitizer: 8 byte(s) leaked in 3 allocation(s).
+---
+ nx-X11/programs/Xserver/hw/nxagent/Keyboard.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
+@@ -938,6 +938,10 @@
+ {
+ NXShadowInitKeymap(&(pDev->key->curKeySyms));
+ }
++
++ free(rules);
++ free(variant);
++ free(options);
+ }
+
+ if (xkb)
diff -Nru nx-libs-3.5.99.19/debian/patches/0028_Quarks.c-add-missing.patch nx-libs-3.5.99.19/debian/patches/0028_Quarks.c-add-missing.patch
--- nx-libs-3.5.99.19/debian/patches/0028_Quarks.c-add-missing.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0028_Quarks.c-add-missing.patch 2019-06-22 09:34:03.000000000 +0000
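Review bot: `rules`, `variant` and `options` are freed but left dangling, while the function plainly continues after the closing brace with `if (xkb)`. Their declarations and any later reads are outside the hunk, so this may be harmless today, but if they have static or wider scope a later use or a second pass through this block becomes a use-after-free or double free. Other patches in this series null pointers after freeing them; doing the same here, `free(rules); rules = NULL;` and likewise for `variant` and `options`, would keep the cleanup safe to repeat.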
@@ -0,0 +1,25 @@ +From 6f954bb7d6fe3e80cce70121b18f09f39f0a1ce8 Mon Sep 17 00:00:00 2001 +From: Ulrich Sibiller +Date: Thu, 20 Jun 2019 00:13:25 +0200 +Subject: [PATCH 28/53] Quarks.c: add missing ) + +--- + nx-X11/lib/src/Quarks.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nx-X11/lib/src/Quarks.c b/nx-X11/lib/src/Quarks.c +index 132ec6f67..0e702d566 100644 +--- a/nx-X11/lib/src/Quarks.c ++++ b/nx-X11/lib/src/Quarks.c +@@ -88,7 +88,7 @@ static XrmQuark nextUniq = -1; /* next quark from XrmUniqueQuark */ + #define STRQUANTSIZE (sizeof(XrmString) * (QUANTUMMASK + 1)) + #ifdef PERMQ + #define QUANTSIZE (STRQUANTSIZE + \ +- (sizeof(Bits) * ((QUANTUMMASK + 1) >> 3)) ++ (sizeof(Bits) * ((QUANTUMMASK + 1) >> 3))) + #else + #define QUANTSIZE STRQUANTSIZE + #endif +-- +2.20.1 + diff -Nru nx-libs-3.5.99.19/debian/patches/0029_dix-dispatch-fix-a-small-memory-leak.patch nx-libs-3.5.99.19/debian/patches/0029_dix-dispatch-fix-a-small-memory-leak.patch --- nx-libs-3.5.99.19/debian/patches/0029_dix-dispatch-fix-a-small-memory-leak.patch 1970-01-01 00:00:00.000000000 +0000 +++ nx-libs-3.5.99.19/debian/patches/0029_dix-dispatch-fix-a-small-memory-leak.patch 2019-06-22 09:47:03.000000000 +0000 
@@ -0,0 +1,22 @@
+From f55402572cc659888be7ace585bea8c8fcb7db32 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 00:26:47 +0200
+Subject: [PATCH 29/53] dix/dispatch: fix a small memory leak
+
+---
+ nx-X11/programs/Xserver/dix/dispatch.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/nx-X11/programs/Xserver/dix/dispatch.c
++++ b/nx-X11/programs/Xserver/dix/dispatch.c
+@@ -4161,7 +4161,10 @@
+ pScreen->devPrivates = (DevUnion *)calloc(sizeof(DevUnion),
+ screenPrivateCount);
+ if (!pScreen->devPrivates && screenPrivateCount)
++ {
++ free(pScreen);
+ return -1;
++ }
+
+ ret = init_screen(pScreen, i);
+ if (ret != 0) {
diff -Nru nx-libs-3.5.99.19/debian/patches/0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch nx-libs-3.5.99.19/debian/patches/0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch
--- nx-libs-3.5.99.19/debian/patches/0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,48 @@
+From 9f9b790f855f4a969b4ae6730e9cad8a9e743a3a Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 00:42:01 +0200
+Subject: [PATCH 30/53] fb: fix memory leak in fbOverlayFinishScreenInit
+
+ commit 2aa935bc5cc1e2d5365a97b8c5bb3d33eb5fc758
+ Author: Tiago Vignatti
+ Date: Fri Mar 25 22:10:55 2011 +0200
+
+ fb: fix memory leak in fbOverlayFinishScreenInit
+
+
Signed-off-by: Tiago Vignatti
+ Reviewed-by: Nicolas Peninguy
+ Reviewed-by: Peter Hutterer
+---
+ nx-X11/programs/Xserver/fb/fboverlay.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/nx-X11/programs/Xserver/fb/fboverlay.c b/nx-X11/programs/Xserver/fb/fboverlay.c
+index 6e0bbf252..95101a731 100644
+--- a/nx-X11/programs/Xserver/fb/fboverlay.c
++++ b/nx-X11/programs/Xserver/fb/fboverlay.c
+@@ -410,16 +410,20 @@ fbOverlayFinishScreenInit(ScreenPtr pScreen,
+
+ if (!fbInitVisuals (&visuals, &depths, &nvisuals, &ndepths, &depth1,
+ &defaultVisual, ((unsigned long)1<<(bpp1-1)) |
+- ((unsigned long)1<<(bpp2-1)), 8))
++ ((unsigned long)1<<(bpp2-1)), 8)) {
++ free(pScrPriv);
+ return FALSE;
++ }
+ if (! miScreenInit(pScreen, 0, xsize, ysize, dpix, dpiy, 0,
+ depth1, ndepths, depths,
+ defaultVisual, nvisuals, visuals
+ #ifdef FB_OLD_MISCREENINIT
+ , (miBSFuncPtr) 0
+ #endif
+- ))
++ )) {
++ free(pScrPriv);
+ return FALSE;
++ }
+ /* MI thinks there's no frame buffer */
+ #ifdef MITSHM
+ ShmRegisterFbFuncs(pScreen);
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0031_render-Propagate-allocation-failure-from-createSourc.patch nx-libs-3.5.99.19/debian/patches/0031_render-Propagate-allocation-failure-from-createSourc.patch
--- nx-libs-3.5.99.19/debian/patches/0031_render-Propagate-allocation-failure-from-createSourc.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0031_render-Propagate-allocation-failure-from-createSourc.patch 2019-06-22 09:47:07.000000000 +0000
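Review bot: The second added `free(pScrPriv);` (the miScreenInit failure path) still returns without releasing `visuals` and `depths`, which fbInitVisuals filled in a few lines earlier in the same hunk. Whether miScreenInit takes ownership of those arrays when it fails is not visible here, so this needs confirming; if it does not, that path would also need `free(visuals); free(depths);` next to the new `free(pScrPriv);`. A one-line comment on each early return naming what is owned at that point would keep the cleanup from drifting again. fbOverlayFinishScreenInit starts and ends outside the hunk.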
@@ -0,0 +1,47 @@
+From 78eff73e4a8cf6a428dd4bd5ed50e0515ec8794f Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 00:51:32 +0200
+Subject: [PATCH 31/53] render: Propagate allocation failure from
+ createSourcePicture()
+
+ commit 211d4c2d353b5e379716484055a3f58235ea65f4
+ Author: Chris Wilson
+ Date: Wed Dec 14 15:55:22 2011 +0000
+
+ render: Propagate allocation failure from createSourcePicture()
+
+ All the callers were already checking for failure, except that
+ createSourcePicture() itself was failing to check whether it
+ successfully allocated the Picture.
+
+ [ajax: Rebase, fix line wrap of preceding line]
+
+ Signed-off-by: Chris Wilson
+ Reviewed-by: Jeremy Huddleston
+---
+ nx-X11/programs/Xserver/hw/nxagent/NXpicture.c | 2 ++
+ nx-X11/programs/Xserver/render/picture.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXpicture.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXpicture.c
+@@ -324,6 +324,8 @@
+ sizeof(nxagentPrivPictureRec);
+
+ pPicture = (PicturePtr) calloc(1, totalPictureSize);
++ if (!pPicture)
++ return 0;
+
+ if (pPicture != NULL)
+ {
+--- a/nx-X11/programs/Xserver/render/picture.c
++++ b/nx-X11/programs/Xserver/render/picture.c
+@@ -979,6 +979,8 @@
+ {
+ PicturePtr pPicture;
+ pPicture = (PicturePtr) malloc(sizeof(PictureRec));
++ if (!pPicture)
++ return 0;
+ pPicture->pDrawable = 0;
+ pPicture->pFormat = 0;
+ pPicture->pNext = 0;
diff -Nru nx-libs-3.5.99.19/debian/patches/0032_NXrender-fix-another-memleak.patch nx-libs-3.5.99.19/debian/patches/0032_NXrender-fix-another-memleak.patch
--- nx-libs-3.5.99.19/debian/patches/0032_NXrender-fix-another-memleak.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0032_NXrender-fix-another-memleak.patch 2019-06-22 09:34:03.000000000 +0000
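Review bot: In the NXpicture.c hunk the added `if (!pPicture) return 0;` makes the `if (pPicture != NULL)` test two lines below always true, so one of the two checks should go; keeping the early return and un-nesting the guarded body is the simpler form. If these functions return a PicturePtr, as the local declaration in the picture.c hunk suggests, `return NULL;` states the intent more clearly than `return 0;` in both places. In picture.c the added check is what prevents the `pPicture->pDrawable = 0;` store on the next line from dereferencing a failed malloc. Both functions begin and end outside their hunks.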
@@ -0,0 +1,29 @@
+From e63d9de4565b97645956adf19d7f162ae0d471bd Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 00:59:16 +0200
+Subject: [PATCH 32/53] NXrender: fix another memleak
+
+---
+ nx-X11/programs/Xserver/hw/nxagent/NXrender.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+index fd9c0be82..190f746a4 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+@@ -1004,7 +1004,11 @@ ProcRenderCompositeGlyphs (ClientPtr client)
+
+ elementsBase = malloc(nlist * sizeof(XGlyphElt8));
+ if (!elementsBase)
+- return BadAlloc;
++ {
++ free(glyphsBase);
++ free(listsBase);
++ return BadAlloc;
++ }
+
+ buffer = (CARD8 *) (stuff + 1);
+ glyphs = glyphsBase;
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch
--- nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch 2019-06-22 09:45:04.000000000 +0000
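Review bot: The new error path calls `free(glyphsBase);` and `free(listsBase);` unconditionally, but both pointers are assigned above the hunk, so it is not visible here that they always come from malloc. If either can point at a fixed local buffer for small requests, which is a common pattern in render dispatch code, passing it to free() would be invalid; the cleanup should then apply the same ownership test as the function's normal exit path. Separately, `nlist * sizeof(XGlyphElt8)` is an unchecked multiplication on a count that appears to be derived from the client request, so confirm nlist is bounded by the request length before this allocation. ProcRenderCompositeGlyphs continues outside the hunk.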
@@ -0,0 +1,79 @@
+From 213e63eed7f808633dc865af94a9ea4ee703f228 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 01:21:44 +0200
+Subject: [PATCH 33/53] Screen.c: fix two memleaks
+
+While at it create and use the freeDepths() helper function.
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 37 ++++++++++-----------
+ 1 file changed, 18 insertions(+), 19 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -844,6 +844,19 @@
+ return count;
+ }
+
++void freeDepths(DepthPtr depths, int num)
++{
++ for (int i = 0; i < num; i++)
++ {
++ #ifdef DEBUG
++ fprintf(stderr, "%s: freeing depth [%d] index [%d] vids [%p]\n", __func__, depths[i].depth, i, (void*) depths[i].vids);
++ #endif
++ free(depths[i].vids);
++ depths[i].vids = NULL;
++ }
++ free(depths);
++}
++
+ Bool nxagentOpenScreen(ScreenPtr pScreen,
+ int argc, char *argv[])
+ {
+@@ -1335,6 +1348,7 @@
+
+ if (!pFrameBufferBits)
+ {
++ freeDepths(depths, numDepths);
+ return FALSE;
+ }
+
+@@ -1356,6 +1370,7 @@
+ if (!fbScreenInit(pScreen, pFrameBufferBits, nxagentOption(RootWidth), nxagentOption(RootHeight),
+ monitorResolution, monitorResolution, PixmapBytePad(nxagentOption(RootWidth), rootDepth), bitsPerPixel))
+ {
++ freeDepths(depths, numDepths);
+ return FALSE;
+ }
+
+@@ -1399,7 +1414,7 @@
+ free(pScreen->allowedDepths[i].vids);
+ }
+
+- free(pScreen -> allowedDepths);
++ freeDepths(pScreen->allowedDepths, pScreen->numDepths);
+ pScreen -> allowedDepths = depths;
+ pScreen -> numDepths = numDepths;
+ pScreen -> rootDepth = rootDepth;
+@@ -2146,11 +2161,8 @@
+ * them again.
+ */
+
+- for (i = 0; i < pScreen->numDepths; i++)
+- {
+- free(pScreen->allowedDepths[i].vids);
+- pScreen->allowedDepths[i].vids = NULL;
+- }
++ freeDepths(pScreen->allowedDepths, pScreen->numDepths);
++ pScreen->allowedDepths = NULL;
+
+ pScreen->numDepths = 0;
+
+@@ -2160,7 +2172,6 @@
+
+ free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr);
+ free(pScreen->devPrivate);pScreen->devPrivate = NULL;
+- free(pScreen->allowedDepths); pScreen->allowedDepths = NULL;
+ free(pScreen->visuals); pScreen->visuals = NULL;
+
+ fbCloseScreen(pScreen);
diff -Nru nx-libs-3.5.99.19/debian/patches/0034_Screen.c-fix-two-more-memleaks-of-visuals.patch nx-libs-3.5.99.19/debian/patches/0034_Screen.c-fix-two-more-memleaks-of-visuals.patch
--- nx-libs-3.5.99.19/debian/patches/0034_Screen.c-fix-two-more-memleaks-of-visuals.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0034_Screen.c-fix-two-more-memleaks-of-visuals.patch 2019-06-22 09:34:03.000000000 +0000
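Review bot: In the `@@ -1399,7 +1414,7 @@` hunk the context lines just above the change still show `free(pScreen->allowedDepths[i].vids);` closing a loop, and the replacement `freeDepths(pScreen->allowedDepths, pScreen->numDepths);` frees every `vids` pointer a second time, which looks like a double free unless that loop nulls the pointers (its header is outside the hunk). Either drop the preceding loop or keep the plain `free(pScreen -> allowedDepths);` at that site. The patch header's diffstat reports 19 deletions while only seven removed lines are visible in this backport, which suggests the loop removal may have been lost on the way. freeDepths also indexes `depths` without a NULL check and is not declared `static`; an `if (!depths) return;` at the top would make the close-screen call safe when the array was never set.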
@@ -0,0 +1,32 @@
+From bb08043a65ba7e600fafaa3c703915fcb8ad79d4 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 01:29:21 +0200
+Subject: [PATCH 34/53] Screen.c: fix two more memleaks of visuals
+
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/Screen.c b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+index 67151733f..6ec4b245f 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -1349,6 +1349,7 @@ Bool nxagentOpenScreen(ScreenPtr pScreen,
+ if (!pFrameBufferBits)
+ {
+ freeDepths(depths, numDepths);
++ free(visuals);
+ return FALSE;
+ }
+
+@@ -1371,6 +1372,7 @@ Bool nxagentOpenScreen(ScreenPtr pScreen,
+ monitorResolution, monitorResolution, PixmapBytePad(nxagentOption(RootWidth), rootDepth), bitsPerPixel))
+ {
+ freeDepths(depths, numDepths);
++ free(visuals);
+ return FALSE;
+ }
+
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0036_os-access.c-add-missing.patch nx-libs-3.5.99.19/debian/patches/0036_os-access.c-add-missing.patch
--- nx-libs-3.5.99.19/debian/patches/0036_os-access.c-add-missing.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0036_os-access.c-add-missing.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,24 @@
+From 3c0469971a5092781783b6a5c86b668047e475be Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 01:35:22 +0200
+Subject: [PATCH 36/53] os/access.c: add missing }
+
+---
+ nx-X11/programs/Xserver/os/access.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/nx-X11/programs/Xserver/os/access.c b/nx-X11/programs/Xserver/os/access.c
+index d8d035ade..df540e704 100644
+--- a/nx-X11/programs/Xserver/os/access.c
++++ b/nx-X11/programs/Xserver/os/access.c
+@@ -1348,6 +1348,7 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec **lccp)
+ if (getpeerucred(fd, &peercred) < 0) {
+ FreeLocalClientCreds(lcc);
+ return -1;
++ }
+ lcc->euid = ucred_geteuid(peercred);
+ if (lcc->euid != -1)
+ lcc->fieldsSet |= LCC_UID_SET;
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0038_NXdixfonts.c-fix-index-out-of-bounds.patch nx-libs-3.5.99.19/debian/patches/0038_NXdixfonts.c-fix-index-out-of-bounds.patch
--- nx-libs-3.5.99.19/debian/patches/0038_NXdixfonts.c-fix-index-out-of-bounds.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0038_NXdixfonts.c-fix-index-out-of-bounds.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,34 @@
+From b4d3dc5bff6a8d3b09a61dbf8421a46fd23b82e8 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 19:14:10 +0200
+Subject: [PATCH 38/53] NXdixfonts.c: fix index out of bounds
+
+---
+ nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c b/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c
+index 50bf719c6..bfb208593 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c
+@@ -1216,7 +1216,7 @@ nxdoListFontsAndAliases(client, fss)
+ if (c->savedName)
+ {
+ memcpy(tmp,c->savedName,c->savedNameLen>255?255:c->savedNameLen);
+- tmp[c->savedNameLen>255?256:c->savedNameLen]=0;
++ tmp[c->savedNameLen>255?255:c->savedNameLen]=0;
+ if (nxagentFontLookUp(tmp))
+ break;
+ else tmp[0]=0;
+@@ -1225,7 +1225,7 @@ nxdoListFontsAndAliases(client, fss)
+ else
+ {
+ memcpy(tmp,name,namelen>255?255:namelen);
+- tmp[namelen>255?256:namelen]=0;
++ tmp[namelen>255?255:namelen]=0;
+ if (nxagentFontLookUp(tmp))
+ break;
+ else tmp[0]=0;
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0041_compext-Png.c-Nullify-after-free.patch nx-libs-3.5.99.19/debian/patches/0041_compext-Png.c-Nullify-after-free.patch
--- nx-libs-3.5.99.19/debian/patches/0041_compext-Png.c-Nullify-after-free.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0041_compext-Png.c-Nullify-after-free.patch 2019-06-22 09:47:14.000000000 +0000
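Review bot: The corrected index is in bounds only if `tmp` holds at least 256 bytes, and its declaration is outside both hunks; the literal 255 is repeated in the memcpy length and the terminator index of each branch, which is how a stray 256 could slip in. Compute the length once per branch and tie it to the buffer, e.g. `size_t n = c->savedNameLen > sizeof(tmp) - 1 ? sizeof(tmp) - 1 : c->savedNameLen;` followed by `memcpy(tmp, c->savedName, n); tmp[n] = 0;` (this assumes tmp is an array, not a pointer). If savedNameLen or namelen is a signed type, a negative value passes the existing `>255` test and reaches memcpy as a very large size, so confirm their types or reject negative lengths first. nxdoListFontsAndAliases begins and ends outside the hunks.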
@@ -0,0 +1,22 @@
+From 956caeb8af1f14a52879d39c98caeb1e13edd546 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 19:54:44 +0200
+Subject: [PATCH 41/53] compext/Png.c: Nullify after free
+
+---
+ nx-X11/programs/Xserver/hw/nxagent/compext/Png.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/compext/Png.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/compext/Png.c
+@@ -548,8 +548,8 @@
+ dy, h);
+ #endif
+
+- free(srcBuf);
+- free(image_index);
++ free(srcBuf); srcBuf = NULL;
++ free(image_index); image_index = NULL;
+
+ if (setjmp(png_jmpbuf(png_ptr)))
+ {
diff -Nru nx-libs-3.5.99.19/debian/patches/0042_mi-miexpose.c-add-missing-free.patch nx-libs-3.5.99.19/debian/patches/0042_mi-miexpose.c-add-missing-free.patch
--- nx-libs-3.5.99.19/debian/patches/0042_mi-miexpose.c-add-missing-free.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0042_mi-miexpose.c-add-missing-free.patch 2019-06-22 09:47:16.000000000 +0000
@@ -0,0 +1,22 @@
+From c8520ac0aabb475d92ea6b60e3113f2999c04eb8 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Thu, 20 Jun 2019 23:14:09 +0200
+Subject: [PATCH 42/53] mi/miexpose.c: add missing free()
+
+---
+ nx-X11/programs/Xserver/mi/miexpose.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/nx-X11/programs/Xserver/mi/miexpose.c
++++ b/nx-X11/programs/Xserver/mi/miexpose.c
+@@ -762,7 +762,10 @@
+ if (screenContext[i] == (GCPtr)NULL)
+ {
+ if (!ResType && !(ResType = CreateNewResourceType(tossGC)))
++ {
++ free(prect);
+ return;
++ }
+ screenContext[i] = CreateGC((DrawablePtr)pWin, (BITS32) 0,
+ (XID *)NULL, &status);
+ if (!screenContext[i])
diff -Nru nx-libs-3.5.99.19/debian/patches/0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch nx-libs-3.5.99.19/debian/patches/0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch
--- nx-libs-3.5.99.19/debian/patches/0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,35 @@
+From 5be6d271ba4f4c48d0441cf0ed3d8909a6ffd774 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Fri, 21 Jun 2019 11:22:28 +0200
+Subject: [PATCH 49/53] xkb: fix what looks to be a copy-paste error with first
+ vs firstMM
+
+ commit 758393951233d1b2520cf4cefd33ec4288a3880a
+ Author: Dave Airlie
+ Date: Wed Sep 12 11:09:40 2018 +1000
+
+ xkb: fix what looks to be a copy-paste error with first vs firstMM
+
+ Pointed out by coverity.
+
+
Signed-off-by: Dave Airlie
+---
+ nx-X11/programs/Xserver/xkb/xkb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nx-X11/programs/Xserver/xkb/xkb.c b/nx-X11/programs/Xserver/xkb/xkb.c
+index e6521c952..238b0897e 100644
+--- a/nx-X11/programs/Xserver/xkb/xkb.c
++++ b/nx-X11/programs/Xserver/xkb/xkb.c
+@@ -2363,7 +2363,7 @@ ProcXkbSetMap(ClientPtr client)
+ else first= last= 0;
+ if (change.map.num_modmap_keys>0) {
+ firstMM= change.map.first_modmap_key;
+- lastMM= first+change.map.num_modmap_keys-1;
++ lastMM= firstMM + change.map.num_modmap_keys - 1;
+ }
+ else firstMM= lastMM= 0;
+ if ((last>0) && (lastMM>0)) {
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/0050_Keyboard.c-fix-another-cppcheck-finding.patch nx-libs-3.5.99.19/debian/patches/0050_Keyboard.c-fix-another-cppcheck-finding.patch
--- nx-libs-3.5.99.19/debian/patches/0050_Keyboard.c-fix-another-cppcheck-finding.patch 1970-01-01 00:00:00.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/0050_Keyboard.c-fix-another-cppcheck-finding.patch 2019-06-22 09:34:03.000000000 +0000
@@ -0,0 +1,28 @@
+From 2bb498a4c767b7d12db84e59b77020bcd70a057c Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller
+Date: Fri, 21 Jun 2019 11:38:39 +0200
+Subject: [PATCH 50/53] Keyboard.c: fix another cppcheck finding
+
+[Keyboard.c:559]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
+---
+ nx-X11/programs/Xserver/hw/nxagent/Keyboard.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c b/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
+index 7330784de..8ff4528a1 100644
+--- a/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c
+@@ -555,8 +555,9 @@ void nxagentChangeKeyboardControl(DeviceIntPtr pDev, KeybdCtrl *ctrl)
+
+ for (int i = 1; i <= 32; i++)
+ {
++ unsigned int mask = (unsigned int)1 << (i - 1);
+ values.led = i;
+- values.led_mode = (ctrl->leds & (1 << (i - 1))) ? LedModeOn : LedModeOff;
++ values.led_mode = (ctrl->leds & mask) ? LedModeOn : LedModeOff;
+
+ XChangeKeyboardControl(nxagentDisplay, value_mask, &values);
+ }
+--
+2.20.1
+
diff -Nru nx-libs-3.5.99.19/debian/patches/series nx-libs-3.5.99.19/debian/patches/series
--- nx-libs-3.5.99.19/debian/patches/series 2019-05-24 19:54:36.000000000 +0000
+++ nx-libs-3.5.99.19/debian/patches/series 2019-06-22 09:46:29.000000000 +0000
@@ -1,8 +1,31 @@
-2001_nx-X11_install-location.debian.patch
-2002_xserver-xext_set-securitypolicy-path.debian.patch
-2003_nxdialog-use-python3.patch
-2004_enforce-lpthread.patch
 0001_nxagent-Determine-nxagentProgName-only-once.patch
 0002_nxdialog-bin-nxdialog-Fix-error-dialog-type-not-supp.patch
 0003_xkbUtils.c-Catch-division-by-zero.patch
 0004_libNX_X11-add-additional-checks-for-dpy-and-xkb.patch
+0012_xkb-initialize-tsyms.patch
+0013_Screen.c-correctly-free-stuff-in-nxagentCloseScreen.patch
+0014_Screen.c-Fix-make-sure-RRCloseScreen-is-being-called.patch
+0015_Keyboard.c-nullify-freed-pointers.patch
+0017_Fix-memleaks-Free-devPrivates-of-devices-on-shutdown.patch
+0018_Screen.c-fix-another-memory-leak.patch
+0019_mi-miinitext.c-fix-memleaks-remove-double-glx-initia.patch
+0023_glxext.c-fix-another-memory-leak.patch
+0026_glyph.c-fix-a-read-beyond-end-of-heap-buffer.patch
+0027_Keyboard.c-fix-three-memory-leaks.patch
+0028_Quarks.c-add-missing.patch
+0029_dix-dispatch-fix-a-small-memory-leak.patch
+0030_fb-fix-memory-leak-in-fbOverlayFinishScreenInit.patch
+0031_render-Propagate-allocation-failure-from-createSourc.patch
+0032_NXrender-fix-another-memleak.patch
+0033_Screen.c-fix-two-memleaks.patch
+0034_Screen.c-fix-two-more-memleaks-of-visuals.patch
+0036_os-access.c-add-missing.patch
+0038_NXdixfonts.c-fix-index-out-of-bounds.patch
+0041_compext-Png.c-Nullify-after-free.patch
+0042_mi-miexpose.c-add-missing-free.patch
+0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch
+0050_Keyboard.c-fix-another-cppcheck-finding.patch
+2001_nx-X11_install-location.debian.patch
+2002_xserver-xext_set-securitypolicy-path.debian.patch
+2003_nxdialog-use-python3.patch
+2004_enforce-lpthread.patch