diff options
author | Keith Packard <keithp@keithp.com> | 2015-01-03 08:46:45 -0800 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2015-05-03 18:39:31 -0400 |
commit | 48f4bf187e958a13d57eea3f41eeab7c26c66806 (patch) | |
tree | 9da3e2f330d945ba30f49fe1466d46616b57013d /COPYING | |
parent | 071466277c32e4fbc45d6248c3c71378a97f0b34 (diff) | |
download | vcxsrv-48f4bf187e958a13d57eea3f41eeab7c26c66806.tar.gz vcxsrv-48f4bf187e958a13d57eea3f41eeab7c26c66806.tar.bz2 vcxsrv-48f4bf187e958a13d57eea3f41eeab7c26c66806.zip |
dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418)
The length checking code validates PutImage height and byte width by
making sure that byte-width >= INT32_MAX / height. If height is zero,
this generates a divide by zero exception. Allow zero height requests
explicitly, bypassing the INT32_MAX check.
v2: backports to VcXsrv 1.15.2.x (Mike DePaulo)
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions