Ubuntu
xorg-server package

Merge ~mustafakemalgilor/ubuntu/+source/xorg-server:bugfix/lp2007746-ubuntu-focal into ubuntu/+source/xorg-server:ubuntu/focal-devel

Git
lp:~mustafakemalgilor/ubuntu/+source/xorg-server
bugfix/lp2007746-ubuntu-focal
Merge into ubuntu/focal-devel

Proposed by Mustafa Kemal Gilor on 2023-02-18

Status:

Needs review

Proposed branch:

~mustafakemalgilor/ubuntu/+source/xorg-server:bugfix/lp2007746-ubuntu-focal

Merge into:

ubuntu/+source/xorg-server:ubuntu/focal-devel

Diff against target:

85 lines (+63/-0)

3 files modified

debian/changelog (+7/-0)
debian/patches/lp2007746-fix-pdev-null-deref.patch (+55/-0)
debian/patches/series (+1/-0)

Undecided

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu-X		2023-02-18	Pending
Review via email: mp+437541@code.launchpad.net

Description of the change

Backported a fix from upstream to focal for the LP issue #2007746:

* d/p/lp2007746-fix-pdev-null-deref.patch: fix potential pdev NULL deref
(LP: #2007746)

Please tag & sponsor.

Steps to reproduce/test:

See [ Test Plan ] section of the LP issue #2007746.

Unmerged commits

b59d47a... by Mustafa Kemal Gilor on 2023-02-18

changelog

Signed-off-by: Mustafa Kemal Gilor <email address hidden>

f997dba... by Mustafa Kemal Gilor on 2023-02-18

* d/p/lp2007746-fix-pdev-null-deref.patch: fix potential pdev NULL deref
(LP: #2007746)

Signed-off-by: Mustafa Kemal Gilor <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Mustafa Kemal Gilor

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index a568b1c..ae0bfd1 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,10 @@
++xorg-server (2:1.20.13-1ubuntu1~20.04.6ubuntu1) focal; urgency=medium
++
++  * d/p/lp2007746-fix-pdev-null-deref.patch: fix potential pdev null
++    deref in xf86platformBus.c (LP: #2007746)
++
++ -- Mustafa Kemal GILOR <mustafa.gilor@canonical.com>  Sat, 18 Feb 2023 15:17:01 +0300
++
  xorg-server (2:1.20.13-1ubuntu1~20.04.6) focal-security; urgency=medium
    * SECURITY UPDATE: DeepCopyPointerClasses use-after-free
 diff --git a/debian/patches/lp2007746-fix-pdev-null-deref.patch b/debian/patches/lp2007746-fix-pdev-null-deref.patch
 new file mode 100644
 index 0000000..e51588c
 --- /dev/null
 +++ b/debian/patches/lp2007746-fix-pdev-null-deref.patch
@@ -0,0 +1,55 @@
++From 0d93bbfa2cfacbb73741f8bed0e32fa1a656b928 Mon Sep 17 00:00:00 2001
++From: Povilas Kanapickas <povilas@radix.lt>
++Date: Fri, 26 Mar 2021 00:51:02 +0200
++Subject: [PATCH] xfree86: Fix potentially NULL reference to platform device's
++ PCI device
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++xf86_platform_devices[i].pdev may be NULL in cases we fail to parse the
++busid in config_udev_odev_setup_attribs() (see also [1], [2]) such as
++when udev does not give use ID_PATH. This in turn leads to
++platform_find_pci_info() being not called and pdev being NULL.
++
++[1]: https://gitlab.freedesktop.org/xorg/xserver/-/issues/993
++[2]: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1076
++
++Reviewed-by: Zoltán Böszörményi <zboszor@gmail.com>
++Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
++---
++ hw/xfree86/common/xf86platformBus.c        | 10 ++++++----
++ hw/xfree86/os-support/linux/lnx_platform.c |  3 +++
++ 2 files changed, 9 insertions(+), 4 deletions(-)
++
++--- a/hw/xfree86/common/xf86platformBus.c
+++++ b/hw/xfree86/common/xf86platformBus.c
++@@ -365,10 +365,12 @@
++         break;
++     case BUS_PCI:
++         for (i = 0; i < xf86_num_platform_devices; i++) {
++-            if (MATCH_PCI_DEVICES(xf86_platform_devices[i].pdev,
++-                                  entity->bus.id.pci)) {
++-                dev = &xf86_platform_devices[i];
++-                break;
+++            if (xf86_platform_devices[i].pdev) {
+++                if (MATCH_PCI_DEVICES(xf86_platform_devices[i].pdev,
+++                                      entity->bus.id.pci)) {
+++                    dev = &xf86_platform_devices[i];
+++                    break;
+++                }
++             }
++         }
++         break;
++--- a/hw/xfree86/os-support/linux/lnx_platform.c
+++++ b/hw/xfree86/os-support/linux/lnx_platform.c
++@@ -101,6 +101,9 @@
++     bustype = StringToBusType(busid, &id);
++     if (bustype == BUS_PCI) {
++         struct pci_device *pPci = device->pdev;
+++        if (!pPci)
+++            return FALSE;
+++
++         if (xf86ComparePciBusString(busid,
++                                     ((pPci->domain << 8)
++                                      | pPci->bus),
 diff --git a/debian/patches/series b/debian/patches/series
 index 8713b8a..145813b 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -47,3 +47,4 @@ CVE-2022-46344-1.patch
  CVE-2022-46344-2.patch
  CVE-2022-4283.patch
  CVE-2023-0494.patch
++lp2007746-fix-pdev-null-deref.patch

Ubuntuxorg-server package