[PATCH xts 2/2] libproto: RcvRep: Don't overwrite memory in QueryFont
Peter Harris
pharris at opentext.com
Mon Jan 26 13:55:35 PST 2015
On 2015-01-21 15:19, Ian Romanick wrote:
> On 01/20/2015 05:57 PM, Peter Harris wrote:
>> If the server returns a bogus (short) reply to a swapped QueryFont
>> request, RcvRep swaps past the end of its buffer, smashing the heap.
>>
>> Signed-off-by: Peter Harris <pharris at opentext.com>
>
> Given the calculated_length check later in that case, this change looks
> trivially correct.
>
> Reviewed-by: Ian Romanick <ian.d.romanick at intel.com>
Pushed. Thanks for the review.
Peter Harris
--
Open Text Connectivity Solutions Group
Peter Harris http://connectivity.opentext.com/
Research and Development Phone: +1 905 762 6001
pharris at opentext.com Toll Free: 1 877 359 4866
More information about the xorg-devel
mailing list