Contents of /trunk/xorg-server/patches/xorg-server-1.4.0.90-CVE-2007-6429_3.patch
Parent Directory
| 
Revision Log
Revision 486 -
(show annotations)
(download)
Wed Feb 13 00:09:39 2008 UTC (16 years, 3 months ago) by niro
File size: 1332 byte(s)
Wed Feb 13 00:09:39 2008 UTC (16 years, 3 months ago) by niro
File size: 1332 byte(s)
-added several security fixes, a fix for compiz and openoffice
| 1 | From be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161 Mon Sep 17 00:00:00 2001 |
| 2 | From: Matthias Hopf <mhopf@suse.de> |
| 3 | Date: Mon, 21 Jan 2008 16:13:21 +0100 |
| 4 | Subject: [PATCH] CVE-2007-6429: Always test for size+offset wrapping. |
| 5 | |
| 6 | --- |
| 7 | Xext/shm.c | 12 ++++++------ |
| 8 | 1 files changed, 6 insertions(+), 6 deletions(-) |
| 9 | |
| 10 | diff --git a/Xext/shm.c b/Xext/shm.c |
| 11 | index e46f6fc..a7a1ecf 100644 |
| 12 | --- a/Xext/shm.c |
| 13 | +++ b/Xext/shm.c |
| 14 | @@ -799,10 +799,10 @@ CreatePmap: |
| 15 | if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { |
| 16 | if (size < width * height) |
| 17 | return BadAlloc; |
| 18 | - /* thankfully, offset is unsigned */ |
| 19 | - if (stuff->offset + size < size) |
| 20 | - return BadAlloc; |
| 21 | } |
| 22 | + /* thankfully, offset is unsigned */ |
| 23 | + if (stuff->offset + size < size) |
| 24 | + return BadAlloc; |
| 25 | |
| 26 | VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); |
| 27 | |
| 28 | @@ -1144,10 +1144,10 @@ CreatePmap: |
| 29 | if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { |
| 30 | if (size < width * height) |
| 31 | return BadAlloc; |
| 32 | - /* thankfully, offset is unsigned */ |
| 33 | - if (stuff->offset + size < size) |
| 34 | - return BadAlloc; |
| 35 | } |
| 36 | + /* thankfully, offset is unsigned */ |
| 37 | + if (stuff->offset + size < size) |
| 38 | + return BadAlloc; |
| 39 | |
| 40 | VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); |
| 41 | pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( |
| 42 | -- |
| 43 | 1.5.3.8 |
| 44 |