[PATCH] render: Fix out of boundary heap access
Adam Jackson
ajax at nwnk.net
Mon Mar 13 20:58:38 UTC 2017
On Mon, 2017-03-13 at 19:13 +0100, Tobias Stoeckmann wrote:
> ProcRenderCreateRadialGradient and ProcRenderCreateConicalGradient must
> be protected against an integer overflow during length check. This is
> already included in ProcRenderCreateLinearGradient since the fix for
> CVE-2008-2362.
>
> This can only be successfully exploited on a 32 bit system for an
> out of boundary read later on. Validated by using ASAN.
remote: I: patch #143811 updated using rev ac15d4cecca377c5c31ab852c39bbd554ca48fe2.
remote: I: 1 patch(es) updated to state Accepted.
To ssh://git.freedesktop.org/git/xorg/xserver
0c1574d..ac15d4c master -> master
- ajax
More information about the xorg-devel
mailing list