libXtst: Changes to 'master'

Alan Coopersmith alanc at kemper.freedesktop.org
Thu May 23 08:37:39 PDT 2013


 configure.ac  |    6 ++++++
 src/XRecord.c |   55 ++++++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 44 insertions(+), 17 deletions(-)

New commits:
commit e7e04b7be3f018ad636aba3a36bfc1cd80b9906d
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date:   Sat Apr 13 11:27:26 2013 -0700

    integer overflow in XRecordGetContext() [CVE-2013-2063]
    
    The nclients and nranges members of the reply are both CARD32 and need
    to be bounds checked before multiplying by the size of the structs to
    avoid integer overflow leading to underallocation and writing data from
    the network past the end of the allocated buffer.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>

commit 46ed6283034b5b7d14584009453f5d974cfacf1e
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date:   Sat Apr 13 11:05:27 2013 -0700

    Use _XEatDataWords to eat data in error cases
    
    Avoids having to do calculations based on response contents
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
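
The bounds check described in the XRecordGetContext() commit message above, as an added example that is not libXtst's code: two 32-bit counts from a reply are validated before being multiplied by a struct size. The struct layouts, function names and the INT_MAX cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the per-client and per-range structs;
 * names and layouts are assumptions, not libXtst's definitions. */
struct range_rec  { uint32_t first, last; };
struct client_rec { uint32_t id, nranges; struct range_rec **ranges; };

/* Unchecked: the 32-bit product wraps, so a huge count gives a small size. */
static uint32_t unchecked_size(uint32_t count, uint32_t elem)
{
    return count * elem;
}

/* Checked: refuse any count whose product with elem would exceed limit.
 * Returns 0 and stores the size on success, -1 otherwise. */
static int checked_mul(uint32_t count, size_t elem, size_t limit, size_t *out)
{
    if (elem == 0 || count > limit / elem)
        return -1;
    *out = (size_t)count * elem;
    return 0;
}

/* Size and allocate storage for nclients and nranges, both untrusted 32-bit
 * values from the wire. Returns NULL if a count is out of bounds. */
static void *alloc_reply_storage(uint32_t nclients, uint32_t nranges, size_t *total)
{
    const size_t limit = INT_MAX;   /* assumed cap on the total size */
    const size_t per_range = sizeof(struct range_rec) + sizeof(struct range_rec *);
    size_t csize, rsize;

    if (checked_mul(nclients, sizeof(struct client_rec), limit, &csize) < 0 ||
        checked_mul(nranges, per_range, limit - csize, &rsize) < 0)
        return NULL;
    *total = csize + rsize;
    return malloc(*total ? *total : 1);
}

int main(void)
{
    size_t total = 0;
    void *ok = alloc_reply_storage(2, 3, &total);            /* constructed counts */
    void *bad = alloc_reply_storage(0xFFFFFFFFu, 1, &total); /* must be rejected */
    printf("ok=%s bad=%s wrapped=%u\n", ok ? "alloc" : "NULL",
           bad ? "alloc" : "NULL", (unsigned)unchecked_size(0x20000000u, 8u));
    free(ok);
    return bad != NULL;
}
```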


