diff options
| author | Adam Jackson <ajax@redhat.com> | 2014-11-10 12:13:40 -0500 |
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-14 16:14:32 +0100 |
| commit | 1a9f23118787be611b6db51e4eac864c43c702d9 (patch) | |
| tree | 2eb72dda9a8ad93d0d85eccbda96038640ca22e1 /nx-X11/programs/Xserver/GL/glx/glxcmds.c | |
| parent | d0fcbc8a6ca82df82c410d0f8f9062b05fa5ec8d (diff) | |
| download | nx-libs-1a9f23118787be611b6db51e4eac864c43c702d9.tar.gz nx-libs-1a9f23118787be611b6db51e4eac864c43c702d9.tar.bz2 nx-libs-1a9f23118787be611b6db51e4eac864c43c702d9.zip | |
glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] (v4)
These are paranoid about integer overflow, and will return -1 if their
operation would overflow a (signed) integer or if either argument is
negative.
Note that RenderLarge requests are sized with a uint32_t so in principle
this could be sketchy there, but dix limits bigreqs to 128M so you
shouldn't ever notice, and honestly if you're sending more than 2G of
rendering commands you're already doing something very wrong.
v2: Use INT_MAX for consistency with the rest of the server (jcristau)
v3: Reject negative arguments (anholt)
v4: RHEL5: add limits.h, use inline
v5: backport to nx-libs 3.6.x (Mike DePaulo)
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Michal Srb <msrb@suse.com>
Reviewed-by: Andy Ritger <aritger@nvidia.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Fedora X Ninjas <x@fedoraproject.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Diffstat (limited to 'nx-X11/programs/Xserver/GL/glx/glxcmds.c')
0 files changed, 0 insertions, 0 deletions