aboutsummaryrefslogtreecommitdiff
path: root/debian/CODE-REDUCTION_CLEANUP-BRUTAL
diff options
context:
space:
mode:
authorKeith Packard <keithp@keithp.com>2015-05-01 13:09:24 +0200
committerMike DePaulo <mikedep333@gmail.com>2015-05-30 22:03:55 -0400
commit2db01a9a28c4d1aa5483fe7004e1cf2c50e5f1ee (patch)
tree2cb2bdf1ab43845f0c6c3f8fbb8e916e4e76dbf5 /debian/CODE-REDUCTION_CLEANUP-BRUTAL
parent8623faa422c3659903bdb5d19eb8947579e6141f (diff)
downloadnx-libs-2db01a9a28c4d1aa5483fe7004e1cf2c50e5f1ee.tar.gz
nx-libs-2db01a9a28c4d1aa5483fe7004e1cf2c50e5f1ee.tar.bz2
nx-libs-2db01a9a28c4d1aa5483fe7004e1cf2c50e5f1ee.zip
dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418).pr/dix-cve-fixes
The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check. Fix for regression introduced by fix for CVE-2014-8092. v2: backports to nx-libs 3.6.x (Mike Gabriel) v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) Signed-off-by: Keith Packard <keithp@keithp.com>
Diffstat (limited to 'debian/CODE-REDUCTION_CLEANUP-BRUTAL')
0 files changed, 0 insertions, 0 deletions