--- /dev/null
+From 4ab40b2b60f4f841f75250e1e60c1624d8212cd4 Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Mon, 10 Nov 2014 12:13:47 -0500
+Subject: [PATCH 31/33] glx: Length checking for non-generated single requests
+ (v2) [CVE-2014-8098 7/8]
+
+v2:
+Fix single versus vendor-private length checking for ARB_imaging subset
+extensions. (Julien Cristau)
+
+v3:
+Fix single versus vendor-private length checking for ARB_imaging subset
+extensions. (Julien Cristau)
+
+Reviewed-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Andy Ritger <aritger@nvidia.com>
+Signed-off-by: Adam Jackson <ajax@redhat.com>
+Signed-off-by: Julien Cristau <jcristau@debian.org>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ glx/indirect_texture_compression.c | 4 ++++
+ glx/single2.c | 23 +++++++++++++++----
+ glx/single2swap.c | 19 ++++++++++++----
+ glx/singlepix.c | 44 ++++++++++++++++++++++++------------
+ glx/singlepixswap.c | 34 ++++++++++++++++++++++++----
+ 5 files changed, 95 insertions(+), 29 deletions(-)
+
+Index: xorg-server-1.15.1/glx/indirect_texture_compression.c
+===================================================================
+--- xorg-server-1.15.1.orig/glx/indirect_texture_compression.c 2014-12-04 11:56:48.021535287 -0500
++++ xorg-server-1.15.1/glx/indirect_texture_compression.c 2014-12-04 11:56:48.017535262 -0500
+@@ -43,6 +43,8 @@
+ __GLXcontext *const cx = __glXForceCurrent(cl, req->contextTag, &error);
+ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 8);
++
+ pc += __GLX_SINGLE_HDR_SIZE;
+ if (cx != NULL) {
+ const GLenum target = *(GLenum *) (pc + 0);
+@@ -85,6 +87,8 @@
+ __glXForceCurrent(cl, bswap_32(req->contextTag), &error);
+ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 8);
++
+ pc += __GLX_SINGLE_HDR_SIZE;
+ if (cx != NULL) {
+ const GLenum target = (GLenum) bswap_32(*(int *) (pc + 0));
+Index: xorg-server-1.15.1/glx/single2.c
+===================================================================
+--- xorg-server-1.15.1.orig/glx/single2.c 2014-12-04 11:56:48.021535287 -0500
++++ xorg-server-1.15.1/glx/single2.c 2014-12-04 11:56:48.017535262 -0500
+@@ -45,11 +45,14 @@
+ int
+ __glXDisp_FeedbackBuffer(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ GLsizei size;
+ GLenum type;
+ __GLXcontext *cx;
+ int error;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 8);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -76,10 +79,13 @@
+ int
+ __glXDisp_SelectBuffer(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+ GLsizei size;
+ int error;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -104,7 +110,7 @@
+ int
+ __glXDisp_RenderMode(__GLXclientState * cl, GLbyte * pc)
+ {
+- ClientPtr client;
++ ClientPtr client = cl->client;
+ xGLXRenderModeReply reply;
+ __GLXcontext *cx;
+ GLint nitems = 0, retBytes = 0, retval, newModeCheck;
+@@ -112,6 +118,8 @@
+ GLenum newMode;
+ int error;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -188,7 +196,6 @@
+ ** selection array, as per the API for glRenderMode itself.
+ */
+ noChangeAllowed:;
+- client = cl->client;
+ reply = (xGLXRenderModeReply) {
+ .type = X_Reply,
+ .sequenceNumber = client->sequence,
+@@ -207,9 +214,12 @@
+ int
+ __glXDisp_Flush(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+ int error;
+
++ REQUEST_SIZE_MATCH(xGLXSingleReq);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -223,10 +233,12 @@
+ int
+ __glXDisp_Finish(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+- ClientPtr client;
+ int error;
+
++ REQUEST_SIZE_MATCH(xGLXSingleReq);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -317,7 +329,7 @@
+ int
+ DoGetString(__GLXclientState * cl, GLbyte * pc, GLboolean need_swap)
+ {
+- ClientPtr client;
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+ GLenum name;
+ const char *string;
+@@ -327,6 +339,8 @@
+ char *buf = NULL, *buf1 = NULL;
+ GLint length = 0;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ /* If the client has the opposite byte order, swap the contextTag and
+ * the name.
+ */
+@@ -343,7 +357,6 @@
+ pc += __GLX_SINGLE_HDR_SIZE;
+ name = *(GLenum *) (pc + 0);
+ string = (const char *) glGetString(name);
+- client = cl->client;
+
+ if (string == NULL)
+ string = "";
+Index: xorg-server-1.15.1/glx/single2swap.c
+===================================================================
+--- xorg-server-1.15.1.orig/glx/single2swap.c 2014-12-04 11:56:48.021535287 -0500
++++ xorg-server-1.15.1/glx/single2swap.c 2014-12-04 11:56:48.017535262 -0500
+@@ -41,6 +41,7 @@
+ int
+ __glXDispSwap_FeedbackBuffer(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ GLsizei size;
+ GLenum type;
+
+@@ -48,6 +49,8 @@
+ __GLXcontext *cx;
+ int error;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 8);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -77,12 +80,15 @@
+ int
+ __glXDispSwap_SelectBuffer(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+ GLsizei size;
+
+ __GLX_DECLARE_SWAP_VARIABLES;
+ int error;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -109,7 +115,7 @@
+ int
+ __glXDispSwap_RenderMode(__GLXclientState * cl, GLbyte * pc)
+ {
+- ClientPtr client;
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+ xGLXRenderModeReply reply;
+ GLint nitems = 0, retBytes = 0, retval, newModeCheck;
+@@ -120,6 +126,8 @@
+ __GLX_DECLARE_SWAP_ARRAY_VARIABLES;
+ int error;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -200,7 +208,6 @@
+ ** selection array, as per the API for glRenderMode itself.
+ */
+ noChangeAllowed:;
+- client = cl->client;
+ reply = (xGLXRenderModeReply) {
+ .type = X_Reply,
+ .sequenceNumber = client->sequence,
+@@ -224,11 +231,14 @@
+ int
+ __glXDispSwap_Flush(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+ int error;
+
+ __GLX_DECLARE_SWAP_VARIABLES;
+
++ REQUEST_SIZE_MATCH(xGLXSingleReq);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -243,12 +253,14 @@
+ int
+ __glXDispSwap_Finish(__GLXclientState * cl, GLbyte * pc)
+ {
++ ClientPtr client = cl->client;
+ __GLXcontext *cx;
+- ClientPtr client;
+ int error;
+
+ __GLX_DECLARE_SWAP_VARIABLES;
+
++ REQUEST_SIZE_MATCH(xGLXSingleReq);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -260,7 +272,6 @@
+ cx->hasUnflushedCommands = GL_FALSE;
+
+ /* Send empty reply packet to indicate finish is finished */
+- client = cl->client;
+ __GLX_BEGIN_REPLY(0);
+ __GLX_PUT_RETVAL(0);
+ __GLX_SWAP_REPLY_HEADER();
+Index: xorg-server-1.15.1/glx/singlepix.c
+===================================================================
+--- xorg-server-1.15.1.orig/glx/singlepix.c 2014-12-04 11:56:48.021535287 -0500
++++ xorg-server-1.15.1/glx/singlepix.c 2014-12-04 11:56:48.017535262 -0500
+@@ -51,6 +51,8 @@
+ int error;
+ char *answer, answerBuffer[200];
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 28);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -100,6 +102,8 @@
+ char *answer, answerBuffer[200];
+ GLint width = 0, height = 0, depth = 1;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 20);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -157,6 +161,8 @@
+ GLubyte answerBuffer[200];
+ char *answer;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+ return error;
+@@ -217,15 +223,13 @@
+ compsize = __glGetTexImage_size(target, 1, format, type, width, 1, 1);
+ compsize2 = __glGetTexImage_size(target, 1, format, type, height, 1, 1);
+
+- if (compsize < 0)
++ if ((compsize = safe_pad(compsize)) < 0)
+ return BadLength;
+- if (compsize2 < 0)
++ if ((compsize2 = safe_pad(compsize2)) < 0)
+ return BadLength;
+- compsize = __GLX_PAD(compsize);
+- compsize2 = __GLX_PAD(compsize2);
+
+ glPixelStorei(GL_PACK_SWAP_BYTES, swapBytes);
+- __GLX_GET_ANSWER_BUFFER(answer, cl, compsize + compsize2, 1);
++ __GLX_GET_ANSWER_BUFFER(answer, cl, safe_add(compsize, compsize2), 1);
+ __glXClearErrorOccured();
+ glGetSeparableFilter(*(GLenum *) (pc + 0), *(GLenum *) (pc + 4),
+ *(GLenum *) (pc + 8), answer, answer + compsize, NULL);
+@@ -249,7 +253,8 @@
+ __glXDisp_GetSeparableFilter(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetSeparableFilter(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -257,7 +262,8 @@
+ __glXDisp_GetSeparableFilterEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetSeparableFilter(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -323,7 +329,8 @@
+ __glXDisp_GetConvolutionFilter(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetConvolutionFilter(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -331,7 +338,8 @@
+ __glXDisp_GetConvolutionFilterEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetConvolutionFilter(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -390,7 +398,8 @@
+ __glXDisp_GetHistogram(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetHistogram(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -398,7 +407,8 @@
+ __glXDisp_GetHistogramEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetHistogram(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -450,7 +460,8 @@
+ __glXDisp_GetMinmax(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetMinmax(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -458,7 +469,8 @@
+ __glXDisp_GetMinmaxEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetMinmax(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -517,7 +529,8 @@
+ __glXDisp_GetColorTable(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetColorTable(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -525,6 +538,7 @@
+ __glXDisp_GetColorTableSGI(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
+-
++ ClientPtr client = cl->client;
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetColorTable(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+Index: xorg-server-1.15.1/glx/singlepixswap.c
+===================================================================
+--- xorg-server-1.15.1.orig/glx/singlepixswap.c 2014-12-04 11:56:48.021535287 -0500
++++ xorg-server-1.15.1/glx/singlepixswap.c 2014-12-04 11:56:48.017535262 -0500
+@@ -53,6 +53,8 @@
+ int error;
+ char *answer, answerBuffer[200];
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 28);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -114,6 +116,8 @@
+ char *answer, answerBuffer[200];
+ GLint width = 0, height = 0, depth = 1;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 20);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -184,6 +188,8 @@
+
+ __GLX_DECLARE_SWAP_VARIABLES;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 4);
++
+ __GLX_SWAP_INT(&((xGLXSingleReq *) pc)->contextTag);
+ cx = __glXForceCurrent(cl, __GLX_GET_SINGLE_CONTEXT_TAG(pc), &error);
+ if (!cx) {
+@@ -251,15 +257,13 @@
+ compsize = __glGetTexImage_size(target, 1, format, type, width, 1, 1);
+ compsize2 = __glGetTexImage_size(target, 1, format, type, height, 1, 1);
+
+- if (compsize < 0)
++ if ((compsize = safe_pad(compsize)) < 0)
+ return BadLength;
+- if (compsize2 < 0)
++ if ((compsize2 = safe_pad(compsize2)) < 0)
+ return BadLength;
+- compsize = __GLX_PAD(compsize);
+- compsize2 = __GLX_PAD(compsize2);
+
+ glPixelStorei(GL_PACK_SWAP_BYTES, !swapBytes);
+- __GLX_GET_ANSWER_BUFFER(answer, cl, compsize + compsize2, 1);
++ __GLX_GET_ANSWER_BUFFER(answer, cl, safe_add(compsize, compsize2), 1);
+ __glXClearErrorOccured();
+ glGetSeparableFilter(*(GLenum *) (pc + 0), *(GLenum *) (pc + 4),
+ *(GLenum *) (pc + 8), answer, answer + compsize, NULL);
+@@ -285,7 +289,9 @@
+ __glXDispSwap_GetSeparableFilter(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetSeparableFilter(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -293,7 +299,9 @@
+ __glXDispSwap_GetSeparableFilterEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetSeparableFilter(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -367,7 +375,9 @@
+ __glXDispSwap_GetConvolutionFilter(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetConvolutionFilter(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -375,7 +385,9 @@
+ __glXDispSwap_GetConvolutionFilterEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetConvolutionFilter(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -441,7 +453,9 @@
+ __glXDispSwap_GetHistogram(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetHistogram(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -449,7 +463,9 @@
+ __glXDispSwap_GetHistogramEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetHistogram(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -507,7 +523,9 @@
+ __glXDispSwap_GetMinmax(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetMinmax(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -515,7 +533,9 @@
+ __glXDispSwap_GetMinmaxEXT(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetMinmax(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
+
+@@ -581,7 +601,9 @@
+ __glXDispSwap_GetColorTable(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_SINGLE_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXSingleReq, 16);
+ return GetColorTable(cl, pc + __GLX_SINGLE_HDR_SIZE, tag);
+ }
+
+@@ -589,6 +611,8 @@
+ __glXDispSwap_GetColorTableSGI(__GLXclientState * cl, GLbyte * pc)
+ {
+ const GLXContextTag tag = __GLX_GET_VENDPRIV_CONTEXT_TAG(pc);
++ ClientPtr client = cl->client;
+
++ REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 16);
+ return GetColorTable(cl, pc + __GLX_VENDPRIV_HDR_SIZE, tag);
+ }
repositories / deb_xorg-server.git / blobdiff