diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-03-01 22:49:01 -0800 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-12 09:34:38 +0200 |
commit | 8673bf0715160943da4937bac25cfeecd3e58b81 (patch) | |
tree | f7627ddd5bc0a11cecaa31883ded7fd0068cf04b /nxcomp/PolyFillRectangle.cpp | |
parent | 7d18bbe93809a209dcd3590c4f519f19251323d9 (diff) | |
download | nx-libs-8673bf0715160943da4937bac25cfeecd3e58b81.tar.gz nx-libs-8673bf0715160943da4937bac25cfeecd3e58b81.tar.bz2 nx-libs-8673bf0715160943da4937bac25cfeecd3e58b81.zip |
integer overflow in XListHosts() [CVE-2013-1981 5/13]
If the reported number of host entries is too large, the calculations
to allocate memory for them may overflow, leaving us writing beyond the
bounds of the allocation.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nxcomp/PolyFillRectangle.cpp')
0 files changed, 0 insertions, 0 deletions