aboutsummaryrefslogtreecommitdiff
path: root/nxcomp/PutPackedImage.cpp
diff options
context:
space:
mode:
authorAdam Jackson <ajax@redhat.com>2014-11-10 12:13:37 -0500
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2015-02-14 16:14:32 +0100
commitcdf0c3e65670c797a4fd0617d44d2bdff4011815 (patch)
treed2dfc723c1bba6728636eee94c631994874c1807 /nxcomp/PutPackedImage.cpp
parent5c43bb2484414b37115dac56dc76f1ecf4c05837 (diff)
downloadnx-libs-cdf0c3e65670c797a4fd0617d44d2bdff4011815.tar.gz
nx-libs-cdf0c3e65670c797a4fd0617d44d2bdff4011815.tar.bz2
nx-libs-cdf0c3e65670c797a4fd0617d44d2bdff4011815.zip
glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]
Before this we'd just clamp the image size to 0, which was just hideously stupid; if the parameters were such that they'd overflow an integer, you'd allocate a small buffer, then pass huge values into (say) ReadPixels, and now you're scribbling over arbitrary server memory. v2: backport to nx-libs 3.6.x (Mike DePaulo) Reviewed-by: Keith Packard <keithp@keithp.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Michal Srb <msrb@suse.com> Reviewed-by: Andy Ritger <aritger@nvidia.com> Signed-off-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> Signed-off-by: Dave Airlie <airlied@redhat.com>
Diffstat (limited to 'nxcomp/PutPackedImage.cpp')
0 files changed, 0 insertions, 0 deletions