fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2025-12-20 07:00:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

os: Check for integer overflow on BigRequest length

Browse source 
Check for another possible integer overflow once we get a complete xReq
with BigRequest.

Related to CVE-2025-49176

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Suggested-by: Peter Harris <pharris2@rocketsoftware.com>
(cherry picked from commit 4fc4d76b2c)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2029>
This commit is contained in:
Olivier Fourdan 2025-06-18 08:39:02 +02:00
parent 97f79ca01b
commit a659519ffa
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
os/io.c
View file

@ -395,6 +395,8 @@ ReadRequestFromClient(ClientPtr client)
needed = get_big_req_len(request, client);
}
client->req_len = needed;
if (needed > MAXINT >> 2)
return -(BadLength);
needed <<= 2;
}
if (gotnow < needed) {