aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver/GL/glx/glxmem.c
diff options
context:
space:
mode:
authorAdam Jackson <ajax@redhat.com>2014-11-10 12:13:40 -0500
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2015-02-14 16:14:32 +0100
commit1a9f23118787be611b6db51e4eac864c43c702d9 (patch)
tree2eb72dda9a8ad93d0d85eccbda96038640ca22e1 /nx-X11/programs/Xserver/GL/glx/glxmem.c
parentd0fcbc8a6ca82df82c410d0f8f9062b05fa5ec8d (diff)
downloadnx-libs-1a9f23118787be611b6db51e4eac864c43c702d9.tar.gz
nx-libs-1a9f23118787be611b6db51e4eac864c43c702d9.tar.bz2
nx-libs-1a9f23118787be611b6db51e4eac864c43c702d9.zip
glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] (v4)
These are paranoid about integer overflow, and will return -1 if their operation would overflow a (signed) integer or if either argument is negative. Note that RenderLarge requests are sized with a uint32_t so in principle this could be sketchy there, but dix limits bigreqs to 128M so you shouldn't ever notice, and honestly if you're sending more than 2G of rendering commands you're already doing something very wrong. v2: Use INT_MAX for consistency with the rest of the server (jcristau) v3: Reject negative arguments (anholt) v4: RHEL5: add limits.h, use inline v5: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
Diffstat (limited to 'nx-X11/programs/Xserver/GL/glx/glxmem.c')
0 files changed, 0 insertions, 0 deletions