Annotation of /trunk/xorg-server/patches/xorg-server-1.4.0.90-CVE-2007-6429_3.patch
Parent Directory | Revision Log
Revision 486 -
(hide annotations)
(download)
Wed Feb 13 00:09:39 2008 UTC (16 years, 7 months ago) by niro
File size: 1332 byte(s)
Wed Feb 13 00:09:39 2008 UTC (16 years, 7 months ago) by niro
File size: 1332 byte(s)
-added several security fixes, a fix for compiz and openoffice
1 | niro | 486 | From be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161 Mon Sep 17 00:00:00 2001 |
2 | From: Matthias Hopf <mhopf@suse.de> | ||
3 | Date: Mon, 21 Jan 2008 16:13:21 +0100 | ||
4 | Subject: [PATCH] CVE-2007-6429: Always test for size+offset wrapping. | ||
5 | |||
6 | --- | ||
7 | Xext/shm.c | 12 ++++++------ | ||
8 | 1 files changed, 6 insertions(+), 6 deletions(-) | ||
9 | |||
10 | diff --git a/Xext/shm.c b/Xext/shm.c | ||
11 | index e46f6fc..a7a1ecf 100644 | ||
12 | --- a/Xext/shm.c | ||
13 | +++ b/Xext/shm.c | ||
14 | @@ -799,10 +799,10 @@ CreatePmap: | ||
15 | if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { | ||
16 | if (size < width * height) | ||
17 | return BadAlloc; | ||
18 | - /* thankfully, offset is unsigned */ | ||
19 | - if (stuff->offset + size < size) | ||
20 | - return BadAlloc; | ||
21 | } | ||
22 | + /* thankfully, offset is unsigned */ | ||
23 | + if (stuff->offset + size < size) | ||
24 | + return BadAlloc; | ||
25 | |||
26 | VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); | ||
27 | |||
28 | @@ -1144,10 +1144,10 @@ CreatePmap: | ||
29 | if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { | ||
30 | if (size < width * height) | ||
31 | return BadAlloc; | ||
32 | - /* thankfully, offset is unsigned */ | ||
33 | - if (stuff->offset + size < size) | ||
34 | - return BadAlloc; | ||
35 | } | ||
36 | + /* thankfully, offset is unsigned */ | ||
37 | + if (stuff->offset + size < size) | ||
38 | + return BadAlloc; | ||
39 | |||
40 | VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); | ||
41 | pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( | ||
42 | -- | ||
43 | 1.5.3.8 | ||
44 |