aboutsummaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2015-02-10 19:17:58 +0100
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2015-02-10 19:40:48 +0100
commit471223907081355a288a315b33a2b70eb4c8fb1e (patch)
tree626691f6936497709863d91e7b0851be08468e86 /debian
parent223f5548b70910a2d745b7b48d2096f29b560def (diff)
downloadnx-libs-471223907081355a288a315b33a2b70eb4c8fb1e.tar.gz
nx-libs-471223907081355a288a315b33a2b70eb4c8fb1e.tar.bz2
nx-libs-471223907081355a288a315b33a2b70eb4c8fb1e.zip
Avoid large pixmaps (110_nxagent_createpixmap-bounds-check.full.patch).
It is allowed to try and allocate a pixmap which is larger than 32767 in either dimension. However, all of the framebuffer code is buggy and does not reliably draw to such big pixmaps, basically because the Region data structure operates with signed shorts for the rectangles in it. Furthermore, several places in the X server computes the size in bytes of the pixmap and tries to store it in an integer. This integer can overflow and cause the allocated size to be much smaller. So, such big pixmaps are rejected here with a BadAlloc Originally contributed by FreeNX Team
Diffstat (limited to 'debian')
-rw-r--r--debian/patches/110_nxagent_createpixmap-bounds-check.full.patch44
-rw-r--r--debian/patches/series1
2 files changed, 0 insertions, 45 deletions
diff --git a/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch b/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch
deleted file mode 100644
index d65862bdc..000000000
--- a/debian/patches/110_nxagent_createpixmap-bounds-check.full.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Description: Avoid large pixmaps
- It is allowed to try and allocate a pixmap which is larger than
- 32767 in either dimension. However, all of the framebuffer code
- is buggy and does not reliably draw to such big pixmaps, basically
- because the Region data structure operates with signed shorts
- for the rectangles in it.
- .
- Furthermore, several places in the X server computes the
- size in bytes of the pixmap and tries to store it in an
- integer. This integer can overflow and cause the allocated size
- to be much smaller.
- .
- So, such big pixmaps are rejected here with a BadAlloc
- .
- Originally contributed by FreeNX Team
-Forwarded: pending...
-Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-Last-Update: 2011-12-31
---- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
-+++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
-@@ -1973,6 +1973,23 @@
- client->errorValue = 0;
- return BadValue;
- }
-+ if (stuff->width > 32767 || stuff->height > 32767)
-+ {
-+ /* It is allowed to try and allocate a pixmap which is larger than
-+ * 32767 in either dimension. However, all of the framebuffer code
-+ * is buggy and does not reliably draw to such big pixmaps, basically
-+ * because the Region data structure operates with signed shorts
-+ * for the rectangles in it.
-+ *
-+ * Furthermore, several places in the X server computes the
-+ * size in bytes of the pixmap and tries to store it in an
-+ * integer. This integer can overflow and cause the allocated size
-+ * to be much smaller.
-+ *
-+ * So, such big pixmaps are rejected here with a BadAlloc
-+ */
-+ return BadAlloc;
-+ }
- if (stuff->depth != 1)
- {
- pDepth = pDraw->pScreen->allowedDepths;
diff --git a/debian/patches/series b/debian/patches/series
index c904d1894..5a5a30e08 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-110_nxagent_createpixmap-bounds-check.full.patch
200_nxagent_check-binary-x2go-flavour.full.patch
201_nxagent_set-x2go-icon-if-x2goagent-flavour.full.patch
202_nx-X11_enable-xinerama.full.patch