mirror of
https://gitlab.freedesktop.org/xorg/xserver.git
synced 2025-12-20 04:40:02 +01:00
5789e30d9d
ZDI-CAN-19866/CVE-2023-1393
If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.
Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| compalloc.c | ||
| compext.c | ||
| compinit.c | ||
| compint.h | ||
| compositeext.h | ||
| compoverlay.c | ||
| compwindow.c | ||
| meson.build | ||