Xdmx: integer overflow in GetGLXVisualConfigs()
author Alan Coopersmith <alan.coopersmith@oracle.com>
Sun, 14 Apr 2013 16:33:57 +0000 (09:33 -0700)
committer Alan Coopersmith <alan.coopersmith@oracle.com>
Thu, 18 Jul 2013 01:10:40 +0000 (18:10 -0700)
commit c89bcd12f4fc7233830a8dbe7863c312f657da3c
tree c683e57bcf85374003adbe7c606e242608a8585f
parent 74469895e39fa38337f59edd64c4031ab9bb51d8
Xdmx: integer overflow in GetGLXVisualConfigs()

numVisuals & numProps are both CARD32 and need to be bounds checked before
multiplying by structure sizes to come up with the total size to allocate,
to avoid integer overflow leading to underallocation and writing data from
the network past the end of the allocated buffer.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
hw/dmx/dmx_glxvisuals.c
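The bounds-check-before-multiply pattern the commit message describes, as an added example that is not the Xdmx code or the patch itself. The element sizes, the `MAX_BYTES` cap and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

#define CONFIG_BYTES 128u        /* hypothetical size of one visual config record */
#define PROP_BYTES   8u          /* hypothetical size of one property pair */
#define MAX_BYTES    INT32_MAX   /* assumed cap on a single allocation */

/* Unchecked form: the 32-bit product wraps modulo 2^32, so a huge count
 * from the wire can produce a tiny allocation size. */
uint32_t unchecked_bytes(uint32_t count, uint32_t elem_bytes)
{
    return count * elem_bytes;
}

/* Checked form: reject the count before multiplying. Returns 0 and stores
 * the size in *out, or -1 if count * elem_bytes would exceed MAX_BYTES. */
int checked_bytes(uint32_t count, uint32_t elem_bytes, size_t *out)
{
    if (elem_bytes == 0 || count > (uint32_t)MAX_BYTES / elem_bytes)
        return -1;
    *out = (size_t)count * elem_bytes;
    return 0;
}

/* Validate both wire counts, then allocate. Returns 0 on success, -1 if
 * either count is rejected or an allocation fails; nothing leaks on error. */
int alloc_visual_buffers(uint32_t numVisuals, uint32_t numProps,
                         void **configs, void **props)
{
    size_t cfg_len, prop_len;

    *configs = *props = NULL;
    if (checked_bytes(numVisuals, CONFIG_BYTES, &cfg_len) != 0 ||
        checked_bytes(numProps, PROP_BYTES, &prop_len) != 0)
        return -1;

    *configs = calloc(1, cfg_len ? cfg_len : 1);
    *props = calloc(1, prop_len ? prop_len : 1);
    if (*configs == NULL || *props == NULL) {
        free(*configs);
        free(*props);
        *configs = *props = NULL;
        return -1;
    }
    return 0;
}
```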