Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1)

author: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:03:47 -0500
committer: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:03:47 -0500
commit: 0f3cca7b69ea6711c8f1963eb213ce8f1629091f (patch)
tree: 0df630c725acaa3516f27a36ec9c0194fbb132ad /xorg-server/hw
parent: 9380c3137260167265f1b528dd3687517cf9449a (diff)
download: vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.gz
vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.bz2
vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/xorg-server/hw/xfree86/dri2/dri2ext.c b/xorg-server/hw/xfree86/dri2/dri2ext.c
index ffd66fad6..221ec530b 100644
--- a/xorg-server/hw/xfree86/dri2/dri2ext.c
+++ b/xorg-server/hw/xfree86/dri2/dri2ext.c
@@ -270,6 +270,9 @@ ProcDRI2GetBuffers(ClientPtr client)
     unsigned int *attachments;
 
     REQUEST_FIXED_SIZE(xDRI2GetBuffersReq, stuff->count * 4);
+    if (stuff->count > (INT_MAX / 4))
+        return BadLength;
+
     if (!validDrawable(client, stuff->drawable, DixReadAccess | DixWriteAccess,
                        &pDrawable, &status))
         return status;
author	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:03:47 -0500
committer	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:03:47 -0500
commit	0f3cca7b69ea6711c8f1963eb213ce8f1629091f (patch)
tree	0df630c725acaa3516f27a36ec9c0194fbb132ad /xorg-server/hw
parent	9380c3137260167265f1b528dd3687517cf9449a (diff)
download	vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.gz vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.bz2 vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.zip