fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2025-12-20 04:40:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/Xi
History
Olivier Fourdan cc15c9fa40 Xi: Fix barrier device search 
The function GetBarrierDevice() would search for the pointer device
based on its device id and return the matching value, or supposedly NULL
if no match was found.

Unfortunately, as written, it would return the last element of the list
if no matching device id was found which can lead to out of bounds
memory access.

Fix the search function to return NULL if not matching device is found,
and adjust the callers to handle the case where the device cannot be
found.

CVE-2025-26598, ZDI-CAN-25740

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit bba9df1a9d)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1831>
2025-02-25 19:38:11 +01:00
..
allowev.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
allowev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgdctl.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
chgdctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgfctl.c Fix XChangeFeedbackControl() request underflow 2021-04-13 14:28:13 +02:00
chgfctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgkbd.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
chgkbd.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgkmap.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
chgkmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgprop.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
chgprop.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgptr.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
chgptr.h Xi: Remove redundant declaration. 2012-05-14 13:17:30 +01:00
closedev.c Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
closedev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
devbell.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
devbell.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
exevents.c dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
exglobals.h xinput: Remove PropagateMask 2020-03-30 21:48:11 +00:00
extinit.c xi: Implement conversions from internal to Xi2 gesture event structs 2021-05-30 13:26:37 +03:00
getbmap.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getbmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getdctl.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getdctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getfctl.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getfctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getfocus.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getfocus.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getkmap.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getkmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getmmap.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getmmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getprop.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getprop.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getselev.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getselev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getvers.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
getvers.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
grabdev.c Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
grabdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
grabdevb.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
grabdevb.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
grabdevk.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
grabdevk.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
gtmotion.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
gtmotion.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
listdev.c Move sizeof to second argument in calloc calls 2024-08-06 10:00:59 +02:00
listdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
meson.build Add a Meson build system alongside autotools. 2017-04-26 15:25:27 -07:00
opendev.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
opendev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
queryst.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
queryst.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
selectev.c xinput: Remove ExtExclusiveMasks 2020-03-30 21:48:11 +00:00
selectev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
sendexev.c Xi: Do not try to swap GenericEvent. 2017-06-19 11:58:56 +10:00
sendexev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setbmap.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
setbmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setdval.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
setdval.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setfocus.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
setfocus.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setmmap.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
setmmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setmode.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
setmode.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
stubs.c ddx: add new call to purge input devices that weren't added 2016-10-26 15:35:07 +10:00
ungrdev.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
ungrdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
ungrdevb.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
ungrdevb.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
ungrdevk.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
ungrdevk.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiallowev.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xiallowev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xibarriers.c Xi: Fix barrier device search 2025-02-25 19:38:11 +01:00
xibarriers.h Xi: free barrier code at reset time 2013-05-07 09:41:19 +10:00
xichangecursor.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xichangecursor.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xichangehierarchy.c Xi: avoid NULL pointer dereference if GetXTestDevice returns NULL 2025-02-04 09:18:26 +01:00
xichangehierarchy.h xinput: Silence a warning from gcc 11 2021-08-17 16:02:44 -04:00
xigetclientpointer.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xigetclientpointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xigrabdev.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xigrabdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xipassivegrab.c Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply 2024-04-02 19:19:40 -07:00
xipassivegrab.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiproperty.c Xi: drop duplicate _X_EXPORT from .c source 2024-03-03 22:34:26 +00:00
xiproperty.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiquerydevice.c Move sizeof to second argument in calloc calls 2024-08-06 10:00:59 +02:00
xiquerydevice.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiquerypointer.c dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
xiquerypointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiqueryversion.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xiqueryversion.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiselectev.c Xi: ProcXIGetSelectedEvents needs to use unswapped length to send reply 2024-04-02 19:19:40 -07:00
xiselectev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xisetclientpointer.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xisetclientpointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xisetdevfocus.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xisetdevfocus.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiwarppointer.c Xi: Use WarpPointerProc hook on XI pointer warping implementation 2017-06-07 14:49:04 +10:00
xiwarppointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00