diff -u xorg-server-1.12.1.902/debian/changelog xorg-server-1.12.1.902/debian/changelog --- xorg-server-1.12.1.902/debian/changelog +++ xorg-server-1.12.1.902/debian/changelog @@ -1,3 +1,12 @@ +xorg-server (2:1.12.1.902-1ubuntu2) quantal; urgency=low + + * Add upstream patches to avoid seg fault in case the user is running with + multiple screens and xrandr is only enabled at one (LP: #1015292): + - 516-randr-first-check-pScrPriv-before-using-the-pointer.patch + - 517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch + + -- Ricardo Salveti de Araujo Tue, 17 Jul 2012 16:44:42 -0300 + xorg-server (2:1.12.1.902-1ubuntu1) quantal-proposed; urgency=medium [ Maarten Lankhorst ] diff -u xorg-server-1.12.1.902/debian/patches/series xorg-server-1.12.1.902/debian/patches/series --- xorg-server-1.12.1.902/debian/patches/series +++ xorg-server-1.12.1.902/debian/patches/series @@ -36,0 +37,2 @@ +516-randr-first-check-pScrPriv-before-using-the-pointer.patch +517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch only in patch2: unchanged: --- xorg-server-1.12.1.902.orig/debian/patches/516-randr-first-check-pScrPriv-before-using-the-pointer.patch +++ xorg-server-1.12.1.902/debian/patches/516-randr-first-check-pScrPriv-before-using-the-pointer.patch @@ -0,0 +1,33 @@ +From 32603f57ca03b6390b109960f8bb5ea53ac95ecb Mon Sep 17 00:00:00 2001 +From: Ricardo Salveti de Araujo +Date: Thu, 21 Jun 2012 00:55:53 -0300 +Subject: [PATCH] randr: first check pScrPriv before using the pointer at + RRFirstOutput + +Fix a seg fault in case pScrPriv is NULL at ProcRRGetScreenInfo, +which later calls RRFirstOutput. + +Signed-off-by: Ricardo Salveti de Araujo +Reviewed-by: Keith Packard +Signed-off-by: Keith Packard +--- + randr/randr.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/randr/randr.c b/randr/randr.c +index 4d4298a..103da48 100644 +--- a/randr/randr.c ++++ b/randr/randr.c +@@ -446,6 +446,9 @@ RRFirstOutput(ScreenPtr pScreen) + RROutputPtr output; + int i, j; + ++ if (!pScrPriv) ++ return NULL; ++ + if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc) + return pScrPriv->primaryOutput; + +-- +1.7.9.5 + only in patch2: unchanged: --- xorg-server-1.12.1.902.orig/debian/patches/517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch +++ xorg-server-1.12.1.902/debian/patches/517-randr-Catch-two-more-potential-unset-rrScrPriv-uses.patch @@ -0,0 +1,55 @@ +From 855003c333a0ead1db912695bc9705ef2b3144b4 Mon Sep 17 00:00:00 2001 +From: Keith Packard +Date: Thu, 21 Jun 2012 18:45:18 -0700 +Subject: [PATCH] randr: Catch two more potential unset rrScrPriv uses + +Ricardo Salveti found one place where the +randr code could use the randr screen private data without checking +for null first. This happens when the X server is running with +multiple screens, some of which are randr enabled and some of which +are not. Applications making protocol requests to the non-randr +screens can cause segfaults where the server touches the unset private +structure. + +I audited the code and found two more possible problem spots; the +trick to auditing for this issue was to look for functions not taking +a RandR data structure and where there was no null screen private +check above them in the call graph. + +Signed-off-by: Keith Packard +--- + randr/rroutput.c | 3 ++- + randr/rrscreen.c | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/randr/rroutput.c b/randr/rroutput.c +index 091e06b..fbd0e32 100644 +--- a/randr/rroutput.c ++++ b/randr/rroutput.c +@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client) + } + + pScrPriv = rrGetScrPriv(pWin->drawable.pScreen); +- RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output); ++ if (pScrPriv) ++ RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output); + + return Success; + } +diff --git a/randr/rrscreen.c b/randr/rrscreen.c +index f570afa..55110e0 100644 +--- a/randr/rrscreen.c ++++ b/randr/rrscreen.c +@@ -248,6 +248,9 @@ ProcRRSetScreenSize(ClientPtr client) + + pScreen = pWin->drawable.pScreen; + pScrPriv = rrGetScrPriv(pScreen); ++ if (!pScrPriv) ++ return BadMatch; ++ + if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) { + client->errorValue = stuff->width; + return BadValue; +-- +1.7.9.5 +