From 7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Sat, 10 Jan 2015 12:03:47 -0500
Subject: Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04
 (xorg-server 1.15.1)

---
 xorg-server/hw/xfree86/dri2/dri2ext.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'xorg-server/hw')

diff --git a/xorg-server/hw/xfree86/dri2/dri2ext.c b/xorg-server/hw/xfree86/dri2/dri2ext.c
index ffd66fad6..221ec530b 100644
--- a/xorg-server/hw/xfree86/dri2/dri2ext.c
+++ b/xorg-server/hw/xfree86/dri2/dri2ext.c
@@ -270,6 +270,9 @@ ProcDRI2GetBuffers(ClientPtr client)
     unsigned int *attachments;
 
     REQUEST_FIXED_SIZE(xDRI2GetBuffersReq, stuff->count * 4);
+    if (stuff->count > (INT_MAX / 4))
+        return BadLength;
+
     if (!validDrawable(client, stuff->drawable, DixReadAccess | DixWriteAccess,
                        &pDrawable, &status))
         return status;
-- 
cgit v1.2.3