[Bug 196119] New: [patch] x11-server/xorg-server: unbreak net/tigervnc after CVE-2014-8092 patch

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Dec 19 06:22:10 UTC 2014 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196119

            Bug ID: 196119
           Summary: [patch] x11-server/xorg-server: unbreak net/tigervnc
                    after CVE-2014-8092 patch
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: beastie at tardisi.com
                CC: meta+ports at vmeta.jp
                CC: meta+ports at vmeta.jp
             Flags: maintainer-feedback?(meta+ports at vmeta.jp)

Created attachment 150747
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=150747&action=edit
patch to unbreak what wasn't broke, leaves fix for what was.

since x11-server/xorg-server was updated to "Fix multiple xserver security
advisories in the 1.12.4 xserver."

net/tigervnc fails to build at this point:

(00:13:42) In file included from ../../include/region.h:51,
(00:13:42)                  from ../../include/window.h:52,
(00:13:42)                  from ../../include/input.h:56,
(00:13:42)                  from ../../hw/xfree86/common/xf86str.h:39,
(00:13:42)                  from ../../hw/xfree86/common/xf86.h:45,
(00:13:42)                  from xf86vncModule.cc:39:
(00:13:42) ../../include/regionstr.h: In function 'void
RegionInit(pixman_region16*, pixman_box16*, int)':
(00:13:42) ../../include/regionstr.h:147: error: invalid conversion from
'void*' to 'pixman_region16_data_t*'
(00:13:42) Makefile:893: recipe for target 'libvnc_la-xf86vncModule.lo' failed

After searching online for a while, I came across this message post:

> Re: [tigervnc-devel] Ubuntu trusty build failures
> 
> Alan Coopersmith Thu, 11 Dec 2014 17:34:03 -0800
> 
> On 12/11/14 05:19 PM, Brian Hinz wrote:
> > As of yesterday, upstream patches to the ubuntu 14.04 xorg-server-source package
> > cause our build to fail with the following error:
> > 
> > ../../include/regionstr.h: In function 'void RegionInit(RegionPtr, BoxPtr, 
> > int)':
> > ../../include/regionstr.h:147:45: error: invalid conversion from 'void*' to 
> > 'pixman_region16_data_t* {aka pixman_region16_data*}' [-fpermissive]
> >               (((_pReg)->data = malloc(rgnSize)) != NULL)) {
> > 
> > Still looking into what changed that's now causing this, but thechangelog  
> > <http://changelogs.ubuntu.com/changelogs/pool/main/x/xorg-server/xorg-server_1.15.1-0ubuntu2.5/changelog>
> >   references CVEs so we should probably review them to make sure the 1.4.0 release is 
> > not affected.
> 
> Sorry, I'm a C programmer, so I'm in the habit of deleting casts of malloc()
> results, forgetting that breaks C++.
> 
> After the patches were released, I also found late yesterday that this change
> had broken our  TigerVNC 1.1 package build on Solaris:
> 
> -        if (((_size) > 1) && ((_pReg)->data =
> -                              (RegDataPtr) malloc(RegionSizeof(_size)))) {
> +        if (((_size) > 1) && ((rgnSize = RegionSizeof(_size)) > 0) &&
> +            (((_pReg)->data = malloc(rgnSize)) != NULL)) {
> 
> from http://cgit.freedesktop.org/xorg/xserver/commit/?id=97015a07b9e15d8ec5608b95d95ec0eb51202acb
> 
> I can make it build again by putting the (RegDataPtr) back but was hoping we
> could find some way to make extern "C" { ... } or similar convince the compiler
> C code was okay, since on the upstream Xorg side we have no way of knowing when
> our C changes break VNC trying to use our C code as C++ code.
> 
> --
>         -Alan Coopersmith-              alan.coopersm... at oracle.com
>          Oracle Solaris Engineering - http://blogs.oracle.com/alanc
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel

Well, as a C Programmer...sure....

1> casting is redundant. so not doing it saves typing, how does removing it
save?  Not casting (or worse removing somebody else's cast, would get me burned
in a code review....but then company had so far failed to get acquire by
Oracle.)
2> it would mask failing to include stdlib.h, so make sure its included (of
course that would lead to redundancy.)
3> if the type is changed, it require updating all the malloc's.  Unless a
typedef is used....which, umm, is what RegDataPtr is.

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Maintainer CC'd

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list