Contents of /trunk/xorg-server/patches/xorg-server-1.4.0.90-CVE-2007-6429_3.patch
Revision 486 -
Wed Feb 13 00:09:39 2008 UTC (16 years, 7 months ago) by niro
File size: 1332 byte(s)
-added several security fixes, a fix for compiz and openoffice
1 | From be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161 Mon Sep 17 00:00:00 2001 |
2 | From: Matthias Hopf <mhopf@suse.de> |
3 | Date: Mon, 21 Jan 2008 16:13:21 +0100 |
4 | Subject: [PATCH] CVE-2007-6429: Always test for size+offset wrapping. |
5 | |
6 | --- |
7 | Xext/shm.c | 12 ++++++------ |
8 | 1 files changed, 6 insertions(+), 6 deletions(-) |
9 | |
10 | diff --git a/Xext/shm.c b/Xext/shm.c |
11 | index e46f6fc..a7a1ecf 100644 |
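--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -799,10 +799,10 @@ CreatePmap:
 if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
 if (size < width * height)
 return BadAlloc;
- /* thankfully, offset is unsigned */
- if (stuff->offset + size < size)
- return BadAlloc;
 }
+ /* thankfully, offset is unsigned */
+ if (stuff->offset + size < size)
+ return BadAlloc;
 
 VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
 
@@ -1144,10 +1144,10 @@ CreatePmap:
 if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
 if (size < width * height)
 return BadAlloc;
- /* thankfully, offset is unsigned */
- if (stuff->offset + size < size)
- return BadAlloc;
 }
+ /* thankfully, offset is unsigned */
+ if (stuff->offset + size < size)
+ return BadAlloc;
 
 VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
 pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(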
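Review bot: The relocated wrap test `stuff->offset + size < size` (both `CreatePmap:` sites) is only sound if `size` is also unsigned and the sum is evaluated at the same width that `VERIFY_SHMSIZE` later uses, but the comment vouches for `offset` alone and the declaration of `size` lies outside both hunks. I would reword the comment to something like `/* offset and size are both unsigned: a wrapped sum compares below size; must run before VERIFY_SHMSIZE */` so the ordering and type assumption are explicit. The `size < width * height` test remains inside the `sizeof(size) == 4 && BitsPerPixel(depth) > 8` guard, and if `width` and `height` are of int rank or narrower the product could itself overflow before the comparison; that is worth confirming against the declarations. Since the two hunks are identical, a small `static` helper shared by both request handlers would keep these checks from drifting apart again; the enclosing functions start and end outside the hunks.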
42 | -- |
43 | 1.5.3.8 |
44 |