fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2025-12-20 17:30:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

record: Fix out of bounds access in SwapCreateRegister()

Browse source 
ZDI-CAN-14952, CVE-2021-4011

This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
This commit is contained in:
Povilas Kanapickas 2021-12-14 15:00:00 +02:00
parent 4de9666b6d
commit e56f61c79f
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
record/record.c
View file

@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
swapl(pClientID); swapl(pClientID);
} }
if (stuff->nRanges > if (stuff->nRanges >
client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
- stuff->nClients) - stuff->nClients) / bytes_to_int32(sz_xRecordRange))
return BadLength; return BadLength;
RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
return Success; return Success;