unvalidated indexes in _XkbReadGeomShapes() [CVE-2013-1997 3/15]

If the X server returns shape indexes outside the range of the number
of shapes it told us to allocate, out of bounds memory access could occur.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Alan Coopersmith 2013-03-02 09:12:47 -08:00
parent f293659d5a
commit bff938b9fe


@ -364,12 +364,16 @@ Status rtrn;
}
ol->num_points= olWire->nPoints;
}
if (shapeWire->primaryNdx!=XkbNoShape)
if ((shapeWire->primaryNdx!=XkbNoShape) &&
(shapeWire->primaryNdx < shapeWire->nOutlines))
shape->primary= &shape->outlines[shapeWire->primaryNdx];
else shape->primary= NULL;
if (shapeWire->approxNdx!=XkbNoShape)
else
shape->primary= NULL;
if ((shapeWire->approxNdx!=XkbNoShape) &&
(shapeWire->approxNdx < shapeWire->nOutlines))
shape->approx= &shape->outlines[shapeWire->approxNdx];
else shape->approx= NULL;
else
shape->approx= NULL;
XkbComputeShapeBounds(shape);
}
return Success;
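Review bot: Both new bounds checks compare the index against the wire field `shapeWire->nOutlines` rather than the number of outlines actually held by `shape`; writing them as `(shapeWire->primaryNdx < shape->num_outlines)` and `(shapeWire->approxNdx < shape->num_outlines)` would tie each check to the array that `&shape->outlines[...]` indexes. The two counts are presumably equal once the outline loop has run, but that loop and the allocation start outside this hunk, so this cannot be confirmed from here. An out-of-range index from the server is also folded silently into the same NULL result as `XkbNoShape`; a comment such as `/* index comes from the server reply; out-of-range is treated as "no outline" */` would make that choice explicit, or the function could return `BadLength` if a malformed reply is meant to fail the read.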