diff options
author | Julien Cristau <jcristau@debian.org> | 2013-05-23 20:39:46 +0200 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-19 21:40:27 +0200 |
commit | 78ed233308babdeb428d9292f7e40e438e9b2efd (patch) | |
tree | 72d7d6b2732b658538d1037f0060866a16bcc848 /nx-X11/registry | |
parent | 082e831303bb8c8c63ce40d79bee10855112c014 (diff) | |
download | nx-libs-78ed233308babdeb428d9292f7e40e438e9b2efd.tar.gz nx-libs-78ed233308babdeb428d9292f7e40e438e9b2efd.tar.bz2 nx-libs-78ed233308babdeb428d9292f7e40e438e9b2efd.zip |
xkb: fix off-by-one in _XkbReadGetNamesReply and _XkbReadVirtualModMap
The size of the arrays is max_key_code + 1. This makes these functions
consistent with the other checks added for CVE-2013-1997.
Also check the XkbGetNames reply when names->keys was just allocated.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Tested-by: Colin Walters <walters@verbum.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nx-X11/registry')
0 files changed, 0 insertions, 0 deletions