fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2025-12-20 04:40:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/randr
History
Olivier Fourdan 7c626aa63a randr: Check for overflow in RRChangeProviderProperty() 
A client might send a request causing an integer overflow when computing
the total size to allocate in RRChangeProviderProperty().

To avoid the issue, check that total length in bytes won't exceed the
maximum integer value.

CVE-2025-49180

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 3c3a4b767b)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2025>
2025-06-17 15:06:40 +02:00
..
Makefile.am Add RandR leases with modesetting driver support [v6] 2018-02-27 12:39:50 -05:00
meson.build meson: hide C API if Xorg is disabled (like autotools) 2021-03-11 00:22:36 +00:00
randr.c present: fallback get_crtc to return crtc belonging to screen with present extension 2021-07-20 08:10:46 +02:00
randrstr.h present: fallback get_crtc to return crtc belonging to screen with present extension 2021-07-20 08:10:46 +02:00
rrcrtc.c present: fix msc offset calculation in screen mode 2021-04-16 10:53:43 +00:00
rrdispatch.c Add RandR leases with modesetting driver support [v6] 2018-02-27 12:39:50 -05:00
rrinfo.c Convert top level extensions to new *allocarray functions 2015-04-21 16:57:08 -07:00
rrlease.c Fix RandR leasing for more than 1 simultaneously active lease. 2021-10-21 13:08:01 +03:00
rrmode.c Add RandR leases with modesetting driver support [v6] 2018-02-27 12:39:50 -05:00
rrmonitor.c Removing the code that deletes an existing monitor in RRMonitorAdd 2024-01-03 08:42:34 +01:00
rroutput.c xserver/output: rename some badly named variables/APIs. 2020-07-10 06:17:44 +10:00
rrpointer.c randr: Fix logic in RRPointerToNearestCrtc 2014-07-30 14:40:17 -07:00
rrproperty.c randr: avoid integer truncation in length check of ProcRRChange*Property 2023-12-13 11:00:13 +10:00
rrprovider.c present: fix msc offset calculation in screen mode 2021-04-16 10:53:43 +00:00
rrproviderproperty.c randr: Check for overflow in RRChangeProviderProperty() 2025-06-17 15:06:40 +02:00
rrscreen.c xserver/output: rename some badly named variables/APIs. 2020-07-10 06:17:44 +10:00
rrsdispatch.c Add RandR leases with modesetting driver support [v6] 2018-02-27 12:39:50 -05:00
rrtransform.c randr: Silence -Wshift-negative-value warnings 2015-10-19 11:51:52 -04:00
rrtransform.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
rrxinerama.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00