libXxf86vm: Changes to 'master'
Alan Coopersmith
alanc at kemper.freedesktop.org
Thu May 23 08:38:50 PDT 2013
configure.ac | 6 +++++
src/XF86VMode.c | 61 ++++++++++++++++++++++++++++++++++++++------------------
2 files changed, 48 insertions(+), 19 deletions(-)
New commits:
commit 4c4123441e40da97acd10f58911193ad3dcef5cd
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Apr 13 14:43:48 2013 -0700
avoid integer overflow in XF86VidModeGetModeLine()
rep.privsize is a CARD32 and needs to be bounds checked before multiplying
by sizeof(INT32) to come up with the total size to allocate & read to avoid
integer overflow, though it would not result in buffer overflow as the same
calculation was used for both allocation & reading from the network.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 47bb28ac0e6e49d3b6eb90c7c215f2fcf54f1a95
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Apr 13 14:33:32 2013 -0700
memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
We trusted the server not to return more data than the client said it had
allocated room for, and would overflow the provided buffers if it did.
Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 284a88e21fc05a63466115b33efa411c60d988c9
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Apr 13 14:24:12 2013 -0700
Use _XEatDataWords to avoid overflow of length calculations
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
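Added example, not part of the original commit mail and not the libXxf86vm source: a minimal C sketch of the two checks the commit messages above describe, bounding a peer-supplied 32-bit word count before turning it into a byte size, and refusing a reply that reports more entries than the caller allocated. All function names, the INT_MAX limit and the sample buffers are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What an unchecked 32-bit size calculation yields: the product wraps. */
uint32_t naive_bytes32(uint32_t words)
{
    return words * (uint32_t)sizeof(int32_t);
}

/* Bytes needed for `words` 32-bit values, or 0 if that would exceed max_bytes.
 * Dividing the limit avoids ever computing an overflowing product. */
size_t checked_words_to_bytes(uint32_t words, size_t max_bytes)
{
    if (words > max_bytes / sizeof(int32_t))
        return 0;
    return (size_t)words * sizeof(int32_t);
}

/* Copy `reported` 16-bit entries (a count taken from the peer's reply) into a
 * buffer the caller sized for `capacity` entries. Returns 0, or -1 if rejected. */
int copy_ramp(uint16_t *dst, size_t capacity,
              const uint8_t *wire, size_t wire_len, uint32_t reported)
{
    if (reported > capacity)                     /* more than the caller allocated */
        return -1;
    if (reported > wire_len / sizeof(uint16_t))  /* more than was actually received */
        return -1;
    memcpy(dst, wire, (size_t)reported * sizeof(uint16_t));
    return 0;
}

/* Constructed reply: 16 bytes on the wire, caller buffer holds 4 entries. */
int ramp_demo(uint32_t reported)
{
    uint8_t wire[16];
    uint16_t ramp[4] = {0};
    memset(wire, 0x11, sizeof wire);
    return copy_ramp(ramp, 4, wire, sizeof wire, reported);
}

int main(void)
{
    printf("naive: %u bytes, checked: %zu bytes\n",
           naive_bytes32(0x40000001u), checked_words_to_bytes(0x40000001u, INT_MAX));
    printf("reply of 8 entries: %d, reply of 4 entries: %d\n", ramp_demo(8), ramp_demo(4));
    return 0;
}
```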