From 4848d49d05a318559afe7a17a19ba055947ee1f5 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb
Date: Thu, 17 Jan 2008 15:28:03 +0100
Subject: [PATCH] Fix for CVE-2007-6428 - TOG-cup extension memory corruption.
---
 Xext/cup.c | 3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/Xext/cup.c b/Xext/cup.c
index 6bfa278..781b9ce 100644
--- a/Xext/cup.c
+++ b/Xext/cup.c
@@ -196,6 +196,9 @@ int ProcGetReservedColormapEntries(
 REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);
+ if (stuff->screen >= screenInfo.numScreens)
+ return BadValue;
+
 #ifndef HAVE_SPECIAL_DESKTOP_COLORS
 citems[CUP_BLACK_PIXEL].pixel = screenInfo.screens[stuff->screen]->blackPixel;
-- 
1.5.3.5
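Review bot: The added guard `if (stuff->screen >= screenInfo.numScreens)` checks only an upper bound, so it is complete only if `stuff->screen` is an unsigned field. The request struct is declared outside this hunk, so that is worth confirming; a signed field would let a negative value through to `screenInfo.screens[stuff->screen]`. If it is unsigned, I would record that above the check, e.g. `/* screen is client-supplied and indexes screenInfo.screens[]; the field is unsigned, so only the upper bound is checked */`. The body of ProcGetReservedColormapEntries continues past the hunk, including whatever the other branch of `HAVE_SPECIAL_DESKTOP_COLORS` does with the screen number, so later uses could not be reviewed here.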