[PATCH 11/19] glx: Handle failure to create the pixmap backing the pbuffer
Adam Jackson
ajax at redhat.com
Wed Aug 21 14:25:16 PDT 2013
We happen not to sanitize the width/height we pass to CreatePixmap here,
oops. It's not exploitable, but it's certainly a crash, so let's just
throw BadAlloc instead.
Signed-off-by: Adam Jackson <ajax at redhat.com>
---
glx/glxcmds.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 27a68aa..9426fc1 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -1416,6 +1416,8 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
width, height,
config->rgbBits, 0);
__glXleaveServer(GL_FALSE);
+ if (!pPixmap)
+ return BadAlloc;
/* Assign the pixmap the same id as the pbuffer and add it as a
* resource so it and the DRI2 drawable will be reclaimed when the
--
1.8.3.1
More information about the xorg-devel
mailing list