Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (8e2159d9) · Commits · Hypra / xorg-server

Commit 8e2159d9 authored Jan 09, 2015 by

Nathan Kidd Committed by Julien Cristau Oct 13, 2017

Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer

[jcristau: originally this patch fixed the same issue as commit
 211e05ac

 "Xi: Test exact size of XIBarrierReleasePointer", with the
 addition of these checks]

This addresses CVE-2017-12179

Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit d088e3c1)

parent 4b7ce334

Hide whitespace changes

Inline Side-by-side

Please register or to comment