[kodi] Upload patches

commit 592fc0d35f889f0f5d4ff80ec1c21928a9f24e71 Author: Michael Cronenworth <mike(a)cchtml.com&gt; Date: Tue Dec 25 12:06:35 2018 -0600 Upload patches kodi-18-rc3-cxx-assertions.patch | 66 ++++++++++++++++++++++++++++++++++++++++ kodi-18-rc3-cxx-debug.patch | 42 +++++++++++++++++++++++++ 2 files changed, 108 insertions(+) --- diff --git a/kodi-18-rc3-cxx-assertions.patch b/kodi-18-rc3-cxx-assertions.patch new file mode 100644 index 0000000..301c982 --- /dev/null +++ b/kodi-18-rc3-cxx-assertions.patch @@ -0,0 +1,66 @@ +From 9605e2ff352b0785c52ac135b35b1ed914b57e21 Mon Sep 17 00:00:00 2001 +From: Philipp Kerling <pkerling(a)casix.org&gt; +Date: Fri, 21 Dec 2018 11:15:43 +0100 +Subject: [PATCH] [guilib] Fix out-of-bounds vector access when "drawing" empty + text + +If the text to draw is empty, the vertex vector in CGUIFontTTFBase:: +DrawTextInternal stays empty and is handed like that to the lib-specific +functions which might not handle that. Specifically, CGUIFontTTFGL:: +CreateVertexBuffer accessed the vertex vector without bounds checking +(detected by `-D_GLIBCXX_ASSERTIONS`). As there is nothing to do for +drawing an empty text anyway, just bail out early. +Also add some extra checking to be safe in the future. +--- + xbmc/guilib/GUIFontTTF.cpp | 5 +++++ + xbmc/guilib/GUIFontTTFGL.cpp | 7 ++++++- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/xbmc/guilib/GUIFontTTF.cpp b/xbmc/guilib/GUIFontTTF.cpp +index acad2fcb76f3..906db44dadff 100644 +--- a/xbmc/guilib/GUIFontTTF.cpp ++++ b/xbmc/guilib/GUIFontTTF.cpp +@@ -352,6 +352,11 @@ void CGUIFontTTFBase::End() + + void CGUIFontTTFBase::DrawTextInternal(float x, float y, const std::vector<UTILS::Color> &colors, const vecText &text, uint32_t alignment, float maxPixelWidth, bool scrolling) + { ++ if (text.empty()) ++ { ++ return; ++ } ++ + Begin(); + + uint32_t rawAlignment = alignment; +diff --git a/xbmc/guilib/GUIFontTTFGL.cpp b/xbmc/guilib/GUIFontTTFGL.cpp +index db51eb4bdd7d..f87afae0afac 100644 +--- a/xbmc/guilib/GUIFontTTFGL.cpp ++++ b/xbmc/guilib/GUIFontTTFGL.cpp +@@ -23,6 +23,8 @@ + #endif + #include "rendering/MatrixGL.h" + ++#include <cassert> ++ + // stuff for freetype + #include <ft2build.h> + #include FT_FREETYPE_H +@@ -280,6 +282,9 @@ void CGUIFontTTFGL::LastEnd() + + CVertexBuffer CGUIFontTTFGL::CreateVertexBuffer(const std::vector<SVertex> &vertices) const + { ++ assert(!vertices.empty()); ++ assert(vertices.size() % 4 == 0); ++ + // Generate a unique buffer object name and put it in bufferHandle + GLuint bufferHandle; + glGenBuffers(1, &bufferHandle); +@@ -288,7 +293,7 @@ CVertexBuffer CGUIFontTTFGL::CreateVertexBuffer(const std::vector<SVertex> &vert + // Create a data store for the buffer object bound to the GL_ARRAY_BUFFER + // binding point (i.e. our buffer object) and initialise it from the + // specified client-side pointer +- glBufferData(GL_ARRAY_BUFFER, vertices.size() * sizeof (SVertex), &vertices[0], GL_STATIC_DRAW); ++ glBufferData(GL_ARRAY_BUFFER, vertices.size() * sizeof (SVertex), vertices.data(), GL_STATIC_DRAW); + // Unbind GL_ARRAY_BUFFER + glBindBuffer(GL_ARRAY_BUFFER, 0); + diff --git a/kodi-18-rc3-cxx-debug.patch b/kodi-18-rc3-cxx-debug.patch new file mode 100644 index 0000000..4f24eae --- /dev/null +++ b/kodi-18-rc3-cxx-debug.patch @@ -0,0 +1,42 @@ +From b3cd094fc4cf5386d76541ba159bbac438a3c715 Mon Sep 17 00:00:00 2001 +From: Philipp Kerling <pkerling(a)casix.org&gt; +Date: Fri, 21 Dec 2018 11:18:13 +0100 +Subject: [PATCH] [wayland] Fix unsafe iterator copy + +Copying the buffer iterator like this is actually unsafe since it might +get invalidated by a later modification of the `std::set`. Instead, +use the C pointer for lookup. + +Found with `-D_GLIBCXX_DEBUG` +--- + xbmc/windowing/wayland/WindowDecorator.cpp | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/xbmc/windowing/wayland/WindowDecorator.cpp b/xbmc/windowing/wayland/WindowDecorator.cpp +index 874aaff13bcf..a44c6357b743 100644 +--- a/xbmc/windowing/wayland/WindowDecorator.cpp ++++ b/xbmc/windowing/wayland/WindowDecorator.cpp +@@ -967,10 +967,21 @@ void CWindowDecorator::CommitAllBuffers() + if (emplaceResult.second) + { + // Buffer was not pending already +- auto iter = emplaceResult.first; +- wlBuffer.on_release() = [this, iter]() ++ auto wlBufferC = reinterpret_cast<wl_buffer*> (wlBuffer.c_ptr()); ++ // We can refer to the buffer neither by iterator (might be invalidated) nor by ++ // capturing the C++ instance in the lambda (would create a reference loop and ++ // never allow the object to be freed), so use the raw pointer for now ++ wlBuffer.on_release() = [this, wlBufferC]() + { + CSingleLock lock(m_pendingBuffersMutex); ++ // Construct a dummy object for searching the set ++ wayland::buffer_t findDummy(wlBufferC, wayland::proxy_t::wrapper_type::foreign); ++ auto iter = m_pendingBuffers.find(findDummy); ++ if (iter == m_pendingBuffers.end()) ++ { ++ throw std::logic_error("Cannot release buffer that is not pending"); ++ } ++ + // Do not erase again until buffer is reattached (should not happen anyway, just to be safe) + // const_cast is OK since changing the function pointer does not affect + // the key in the set