[PATCH xserver] Fix OOB access in ProcRecordUnregisterClients
Adam Jackson
ajax at nwnk.net
Mon Mar 20 20:20:50 UTC 2017
On Sun, 2017-03-19 at 17:55 +0100, Tobias Stoeckmann wrote:
> If a client sends a RecordUnregisterClients request with an nClients
> field larger than INT_MAX / 4, an integer overflow leads to an
> out of boundary access in RecordSanityCheckClientSpecifiers.
>
> An example line with libXtst would be:
> XRecordUnregisterClients(dpy, rc, clients, 0x40000001);
Merged:
remote: I: patch #144840 updated using rev 40c12a76c2ae57adefd3b1d412387ebbfe2fb784.
remote: I: 1 patch(es) updated to state Accepted.
To ssh://git.freedesktop.org/git/xorg/xserver
1ad2306..40c12a7 master -> master
- ajax
More information about the xorg-devel
mailing list