fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-06-02 09:58:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/glx
History
Adam Jackson 233429c1d8 glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] 
These are paranoid about integer overflow, and will return -1 if their
operation would overflow a (signed) integer or if either argument is
negative.

Note that RenderLarge requests are sized with a uint32_t so in principle
this could be sketchy there, but dix limits bigreqs to 128M so you
shouldn't ever notice, and honestly if you're sending more than 2G of
rendering commands you're already doing something very wrong.

v2: Use INT_MAX for consistency with the rest of the server (jcristau)
v3: Reject negative arguments (anholt)

Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Michal Srb <msrb@suse.com>
Reviewed-by: Andy Ritger <aritger@nvidia.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 2a5cbc17fc)
Signed-off-by: Julien Cristau <jcristau@debian.org>
2014-12-09 17:50:13 +01:00
..
clientinfo.c glx: Implement GLX SetClientInfo2ARB protocol 2012-07-05 11:44:09 -07:00
createcontext.c Merge remote-tracking branch 'idr/glx-float-fbconfig' 2013-10-29 09:37:30 -07:00
extension_string.c glx: Enable GLX_ARB_fbconfig_float for DRI2 drivers 2013-10-24 11:48:04 -07:00
extension_string.h glx: Enable GLX_ARB_fbconfig_float for DRI2 drivers 2013-10-24 11:48:04 -07:00
glxbyteorder.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
glxcmds.c glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6] 2014-12-09 17:50:13 +01:00
glxcmdsswap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
glxcontext.h glx: Fix memory leak in context garbage collection (v2) 2013-10-29 10:30:43 -04:00
glxdrawable.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
glxdri2.c glx: If DRI2GetBuffers changes the GL context, call it again 2014-04-23 10:32:44 -07:00
glxdricommon.c glx: Clear new FBConfig attributes to 0 by default. 2014-03-10 13:57:21 -07:00
glxdricommon.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
glxdriswrast.c glx: Make sure that DRI2/swrast calls haven't changed the GL context. 2014-04-23 10:32:15 -07:00
glxext.c glx: Require at least one True/DirectColor visual 2014-05-22 18:08:20 -07:00
glxext.h glx: Allow float renderType in glXCreateContextAttribsARB 2013-10-24 11:16:27 -07:00
glxscreens.c glx: Remove support for NV_vertex_program and NV_fragment_program 2013-09-11 14:37:32 -04:00
glxscreens.h glx: Remove screen number from __GLXconfig 2013-09-11 14:37:33 -04:00
glxserver.h glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] 2014-12-09 17:50:13 +01:00
glxutil.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
indirect_dispatch.c glx: check return from __glXGetAnswerBuffer 2014-12-09 17:47:24 +01:00
indirect_dispatch.h glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_dispatch_swap.c glx: check return from __glXGetAnswerBuffer 2014-12-09 17:47:24 +01:00
indirect_program.c glx: Delete dead NV program string functions. 2014-02-07 16:03:38 -08:00
indirect_reqsize.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_reqsize.h glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_size.h glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_size_get.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_size_get.h glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_table.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
indirect_table.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
indirect_texture_compression.c glx: Stop relying on libGL ABI bugs for glGetCompressedTexImage(). 2014-02-07 16:00:26 -08:00
indirect_util.c glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6] 2014-12-09 17:50:13 +01:00
indirect_util.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
Makefile.am glx: Remove function stubs 2013-12-10 08:03:22 -08:00
render2.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
render2swap.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
renderpix.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
renderpixswap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
rensize.c glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8] 2014-12-09 17:50:13 +01:00
single2.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
single2swap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
singlepix.c glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6] 2014-12-09 17:50:13 +01:00
singlepixswap.c glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6] 2014-12-09 17:50:13 +01:00
singlesize.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
singlesize.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
swap_interval.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
unpack.h glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6] 2014-12-09 17:50:13 +01:00
xfont.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00