fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-01-05 22:00:26 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/Xext
History
Jeremy Huddleston 597747c655 Fix a couple off-by-one array boundary checks. 
Error: Write outside array bounds at Xext/geext.c:406
        in function 'GEWindowSetMask' [Symbolic analysis]
       In array dereference of cli->nextSib[extension] with index 'extension'
       Array size is 128 elements (of 4 bytes each), index <= 128

Error: Buffer overflow at dix/events.c:592
	in function 'SetMaskForEvent' [Symbolic analysis]
       In array dereference of filters[deviceid] with index 'deviceid'
       Array size is 20 elements (of 512 bytes each), index >= 0 and index <= 20

Error: Read buffer overflow at hw/xfree86/loader/loader.c:226
	in function 'LoaderOpen' [Symbolic analysis]
       In array dereference of refCount[new_handle] with index 'new_handle'
       Array size is 256 elements (of 4 bytes each), index >= 1 and index <= 256

These bugs were found using the Parfait source code analysis tool.
For more information see http://research.sun.com/projects/parfait

Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit b680bda34d)
(cherry picked from commit 04c9e80f08)

Signed-off-by: Keith Packard <keithp@keithp.com>
2009-06-29 14:15:17 -07:00
..
bigreq.c Remove all empty extension reset hooks, replace with NULL. 2008-07-24 15:46:08 -04:00
dpms.c Remove all empty extension reset hooks, replace with NULL. 2008-07-24 15:46:08 -04:00
dpmsproc.h xace: add hooks + new access codes: core protocol screensaver requests 2007-08-16 10:36:05 -04:00
dpmsstubs.c Xext: remove redefinition of Bool. 2007-12-19 18:11:32 +10:30
geext.c Fix a couple off-by-one array boundary checks. 2009-06-29 14:15:17 -07:00
geext.h Xext: store the GenericMasks in the resource system. 2008-07-10 16:02:55 +09:30
geint.h Replace UniSA with full Uni name in Author affiliation. 2008-05-21 21:51:27 +09:30
Makefile.am Remove XEvIE 2008-11-04 16:01:07 +10:30
mbuf.c Xext: fix MultiBuffer compilation error with TryClientEvents. (#18835) 2008-12-02 23:27:15 -08:00
mbufbf.c Redefine WindowTable as a fixed array 2008-08-05 01:17:32 +03:00
mbufpx.c Xext: Remove usage of alloca 2007-11-05 14:34:46 +00:00
panoramiX.c Remove some null statements. 2008-11-08 12:21:20 -05:00
panoramiX.h Work around inclusion of <X11/extensions/panoramiXext.h> 2009-02-03 09:30:48 -08:00
panoramiXh.h Centralize declaration of ConnectionInfo. 2008-08-20 13:14:34 -04:00
panoramiXprocs.c Shape extension is built-in and mandatory. 2008-07-24 15:46:08 -04:00
panoramiXsrv.h Bug #14692: Allow drivers to have a say in Xinerama visual consolidation. 2008-05-12 14:49:53 -07:00
panoramiXSwap.c Merge branch 'master' into mpx 2008-01-03 17:04:54 +10:30
saver.c Prepare for array-index based devPrivates. 2008-08-28 18:05:40 -04:00
security.c security: Grant untrusted windows remove access on all windows. 2009-04-16 23:48:52 -04:00
securitysrv.h Rework of the XC-SECURITY extension. The gen-auth protocol has not changed, 2007-11-08 16:32:42 -05:00
shape.c Remove all empty extension reset hooks, replace with NULL. 2008-07-24 15:46:08 -04:00
shm.c Prepare for array-index based devPrivates. 2008-08-28 18:05:40 -04:00
shmint.h MIT-SHM pixmaps, if they exist, are ZPixmap. 2008-08-28 13:49:35 -04:00
sleepuntil.c Remove RCS tags. Fix Xprint makefile braindamage. 2006-07-21 17:56:00 -04:00
sleepuntil.h Remove RCS tags. Fix Xprint makefile braindamage. 2006-07-21 17:56:00 -04:00
sync.c xsync: Fix wakeup storm in idletime counter. 2008-12-16 09:55:27 -05:00
xace.c XACE: Add generic support for property and selection polyinstantiation. 2008-02-29 18:01:37 -05:00
xace.h XACE: Add generic support for property and selection polyinstantiation. 2008-02-29 18:01:37 -05:00
xacestr.h XACE: Add generic support for property and selection polyinstantiation. 2008-02-29 18:01:37 -05:00
xcalibrate.c Remove all empty extension reset hooks, replace with NULL. 2008-07-24 15:46:08 -04:00
xcmisc.c Remove all empty extension reset hooks, replace with NULL. 2008-07-24 15:46:08 -04:00
xf86bigfont.c Unifdef ISC 2008-10-02 17:03:54 -04:00
xres.c xalloc+memset(0) -> xcalloc 2008-10-06 15:36:51 -04:00
xselinux.c xselinux: Relax ownership restriction on SetSelectionUseContext. 2009-05-11 15:29:39 -04:00
xselinux.h XSELinux: Add a request to get a client's context from a resource ID. 2008-03-31 17:35:10 -04:00
xtest.c Xext: set POINTER_SCREEN flag in XTestFakeInput if necessary. (RH #490984) 2009-04-13 16:16:05 -04:00
xvdisp.c Yet another Xv extension byte swapping fix. 2008-01-16 14:24:22 +01:00
xvdisp.h Fix swapped Xv dispatch under Xinerama. 2007-12-02 14:15:36 -05:00
xvdix.h devPrivates rework: since API is already broken, switch everything 2007-08-28 09:28:25 -04:00
xvmain.c Prepare for array-index based devPrivates. 2008-08-28 18:05:40 -04:00
xvmc.c Prepare for array-index based devPrivates. 2008-08-28 18:05:40 -04:00
xvmcext.h Remove RCS tags. Fix Xprint makefile braindamage. 2006-07-21 17:56:00 -04:00