aboutsummaryrefslogtreecommitdiff
path: root/nxcomp/ChannelCache.h
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-03-01 22:49:01 -0800
committerUlrich Sibiller <uli42@gmx.de>2016-10-12 09:34:38 +0200
commit29779559c92c3058edc298ca0a6e59e1293262b6 (patch)
tree57f937500cf4d1510ef632d5400e8e57cc336de6 /nxcomp/ChannelCache.h
parentdda0c652f1ec6d935040daaf2755bf9f2f6d3c4b (diff)
downloadnx-libs-29779559c92c3058edc298ca0a6e59e1293262b6.tar.gz
nx-libs-29779559c92c3058edc298ca0a6e59e1293262b6.tar.bz2
nx-libs-29779559c92c3058edc298ca0a6e59e1293262b6.zip
integer overflow in XListFontsWithInfo() [CVE-2013-1981 3/13]
If the reported number of remaining fonts is too large, the calculations to allocate memory for them may overflow, leaving us writing beyond the bounds of the allocation. v2: Fix reply_left calculations, check calculated sizes fit in reply_left v3: On error cases, also set values to be returned in pointer args to 0/NULL Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nxcomp/ChannelCache.h')
0 files changed, 0 insertions, 0 deletions