aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch
diff options
context:
space:
mode:
authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2012-01-16 22:29:05 +0100
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2012-01-16 22:29:05 +0100
commite9241fe8c730aa7f0b95b15b34ed5c2bda18b5ad (patch)
tree2dabac3d6b000def9e33cf30137da4507c19951d /debian/patches/110_nxagent_createpixmap-bounds-check.full.patch
parentd7ecf7214f0df5cd7957264be5249f4cd39f4e6e (diff)
downloadnx-libs-e9241fe8c730aa7f0b95b15b34ed5c2bda18b5ad.tar.gz
nx-libs-e9241fe8c730aa7f0b95b15b34ed5c2bda18b5ad.tar.bz2
nx-libs-e9241fe8c730aa7f0b95b15b34ed5c2bda18b5ad.zip
Reorganize patch names, to reflect patch inclusion into lite+full or full-only ,,NX (redistributed)'' tarball.
Diffstat (limited to 'debian/patches/110_nxagent_createpixmap-bounds-check.full.patch')
-rw-r--r--debian/patches/110_nxagent_createpixmap-bounds-check.full.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch b/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch
new file mode 100644
index 000000000..d65862bdc
--- /dev/null
+++ b/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch
@@ -0,0 +1,44 @@
+Description: Avoid large pixmaps
+ It is allowed to try and allocate a pixmap which is larger than
+ 32767 in either dimension. However, all of the framebuffer code
+ is buggy and does not reliably draw to such big pixmaps, basically
+ because the Region data structure operates with signed shorts
+ for the rectangles in it.
+ .
+ Furthermore, several places in the X server computes the
+ size in bytes of the pixmap and tries to store it in an
+ integer. This integer can overflow and cause the allocated size
+ to be much smaller.
+ .
+ So, such big pixmaps are rejected here with a BadAlloc
+ .
+ Originally contributed by FreeNX Team
+Forwarded: pending...
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+Last-Update: 2011-12-31
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
+@@ -1973,6 +1973,23 @@
+ client->errorValue = 0;
+ return BadValue;
+ }
++ if (stuff->width > 32767 || stuff->height > 32767)
++ {
++ /* It is allowed to try and allocate a pixmap which is larger than
++ * 32767 in either dimension. However, all of the framebuffer code
++ * is buggy and does not reliably draw to such big pixmaps, basically
++ * because the Region data structure operates with signed shorts
++ * for the rectangles in it.
++ *
++ * Furthermore, several places in the X server computes the
++ * size in bytes of the pixmap and tries to store it in an
++ * integer. This integer can overflow and cause the allocated size
++ * to be much smaller.
++ *
++ * So, such big pixmaps are rejected here with a BadAlloc
++ */
++ return BadAlloc;
++ }
+ if (stuff->depth != 1)
+ {
+ pDepth = pDraw->pScreen->allowedDepths;