author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-03-08 22:25:35 -0800 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-12 09:34:38 +0200 |
commit | 361d36770ba3ceef0272e53c59c169f16f16ecf6 (patch) | |
tree | 1b0765771257b613cca09318275cb4edd4521bbd /nxcomp/ChannelEndPoint.cpp | |
parent | 25172302a39c4e0c90dffbdcfa88b99ac442a2f9 (diff) | |
integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]

If the reported number of properties is too large, the calculations
to allocate memory for them may overflow, leaving us returning less
memory to the caller than implied by the value written to *nitems.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>

Diffstat (limited to 'nxcomp/ChannelEndPoint.cpp')
0 files changed, 0 insertions, 0 deletions
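
The class of bug the commit message describes, as an added example that is not the libX11 or nx-libs patch: a server-reported item count multiplied by the per-item size wraps, so the buffer is smaller than the count handed back to the caller. The helper names (`prop_alloc_size`, `unchecked_size32`, `prop_alloc`) and the `INT_MAX` bound are assumptions made for this sketch; the per-format item sizes follow Xlib's documented return types (char, short, long).

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: bytes needed for `nitems` items of `format`, plus one
 * trailing NUL byte. Returns 0 (and leaves *out alone) when the format is
 * unknown or the total would not stay below INT_MAX. */
static int prop_alloc_size(uint32_t nitems, int format, size_t *out)
{
    size_t item;
    switch (format) {
    case 8:  item = sizeof(char);  break;
    case 16: item = sizeof(short); break;
    case 32: item = sizeof(long);  break;
    default: return 0;
    }
    /* Divide instead of multiply so the check itself cannot wrap. */
    if (nitems >= (size_t)INT_MAX / item)
        return 0;
    *out = (size_t)nitems * item + 1;
    return 1;
}

/* The unchecked pattern in 32-bit arithmetic: the product wraps silently. */
static uint32_t unchecked_size32(uint32_t nitems, uint32_t item)
{
    return nitems * item + 1;
}

/* Allocate the buffer and report only an item count it can really hold. */
static void *prop_alloc(uint32_t reported, int format, unsigned long *nitems)
{
    size_t n;
    void *buf;
    *nitems = 0;
    if (!prop_alloc_size(reported, format, &n))
        return NULL;
    buf = calloc(1, n);
    if (buf != NULL)
        *nitems = reported;
    return buf;
}

int main(void)
{
    unsigned long got;
    uint32_t huge = 0x40000001u;   /* constructed sample count */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size32(huge, 4));
    printf("checked: %s\n", prop_alloc(huge, 32, &got) ? "allocated" : "rejected");
    return 0;
}
```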