fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-03-04 14:10:32 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

CVE-2008-2361 - RENDER Extension crash

Browse source 
An integer overflow may occur in the computation of the size of the
glyph to be allocated by the ProcRenderCreateCursor() function which
will cause less memory to be allocated than expected, leading later to
dereferencing un-mapped memory, causing a crash of the X server.
(cherry picked from commit 5257a0f83d)
This commit is contained in:
Matthieu Herrb 2008-06-10 12:22:30 -06:00 committed by Adam Jackson
parent edd2cac9fa
commit b251fdd9d9
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
render/render.c
View file

@ -1562,6 +1562,8 @@ ProcRenderCreateCursor (ClientPtr client)
pScreen = pSrc->pDrawable->pScreen;
width = pSrc->pDrawable->width;
height = pSrc->pDrawable->height;
if (height && width > UINT32_MAX/(height*sizeof(CARD32)))
return BadAlloc;
if ( stuff->x > width
|| stuff->y > height )
return (BadMatch);