diff options
| author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-14 16:23:43 +0100 |
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-14 16:23:43 +0100 |
| commit | 09d2732b4e299eaa06c64b7a683529e337691c59 (patch) | |
| tree | 3a07c4a95980c0f34b1d3ce2f55388dd7677c685 /debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch | |
| parent | 8c98a401b49506f969dc9263d9bd566e5b31a572 (diff) | |
| download | nx-libs-09d2732b4e299eaa06c64b7a683529e337691c59.tar.gz nx-libs-09d2732b4e299eaa06c64b7a683529e337691c59.tar.bz2 nx-libs-09d2732b4e299eaa06c64b7a683529e337691c59.zip | |
Patch system: Prepend a "0" to every patch file name in debian/patches/. Adapt only this changelog stanza to this modification.
Diffstat (limited to 'debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch')
| -rw-r--r-- | debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch b/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch new file mode 100644 index 000000000..d65862bdc --- /dev/null +++ b/debian/patches/0110_nxagent_createpixmap-bounds-check.full.patch @@ -0,0 +1,44 @@ +Description: Avoid large pixmaps + It is allowed to try and allocate a pixmap which is larger than + 32767 in either dimension. However, all of the framebuffer code + is buggy and does not reliably draw to such big pixmaps, basically + because the Region data structure operates with signed shorts + for the rectangles in it. + . + Furthermore, several places in the X server computes the + size in bytes of the pixmap and tries to store it in an + integer. This integer can overflow and cause the allocated size + to be much smaller. + . + So, such big pixmaps are rejected here with a BadAlloc + . + Originally contributed by FreeNX Team +Forwarded: pending... +Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +Last-Update: 2011-12-31 +--- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c ++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c +@@ -1973,6 +1973,23 @@ + client->errorValue = 0; + return BadValue; + } ++ if (stuff->width > 32767 || stuff->height > 32767) ++ { ++ /* It is allowed to try and allocate a pixmap which is larger than ++ * 32767 in either dimension. However, all of the framebuffer code ++ * is buggy and does not reliably draw to such big pixmaps, basically ++ * because the Region data structure operates with signed shorts ++ * for the rectangles in it. ++ * ++ * Furthermore, several places in the X server computes the ++ * size in bytes of the pixmap and tries to store it in an ++ * integer. This integer can overflow and cause the allocated size ++ * to be much smaller. ++ * ++ * So, such big pixmaps are rejected here with a BadAlloc ++ */ ++ return BadAlloc; ++ } + if (stuff->depth != 1) + { + pDepth = pDraw->pScreen->allowedDepths; |