fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-02-15 16:10:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/Xi
History
Olivier Fourdan 9d7c8d88fa Xi: Fix barrier device search 
The function GetBarrierDevice() would search for the pointer device
based on its device id and return the matching value, or supposedly NULL
if no match was found.

Unfortunately, as written, it would return the last element of the list
if no matching device id was found which can lead to out of bounds
memory access.

Fix the search function to return NULL if not matching device is found,
and adjust the callers to handle the case where the device cannot be
found.

CVE-2025-26598, ZDI-CAN-25740

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
(cherry picked from commit bba9df1a9d)
2026-01-25 10:40:01 -08:00
..
allowev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
allowev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgdctl.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
chgdctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgfctl.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
chgfctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgkbd.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
chgkbd.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
chgkmap.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
chgkmap.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgprop.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
chgprop.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
chgptr.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
chgptr.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
closedev.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
closedev.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
devbell.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
devbell.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
exevents.c treewide: replace xnfreallocarray macro call by XNFreallocarray() 2026-01-25 10:39:55 -08:00
exglobals.h xinput: Remove PropagateMask 2020-03-30 21:48:11 +00:00
extinit.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getbmap.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getbmap.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getdctl.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
getdctl.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getfctl.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getfctl.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getfocus.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getfocus.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getkmap.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getkmap.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getmmap.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getmmap.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
getprop.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
getprop.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getselev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
getselev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
getvers.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
getvers.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
grabdev.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
grabdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
grabdevb.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
grabdevb.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
grabdevk.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
grabdevk.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
gtmotion.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
gtmotion.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
listdev.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
listdev.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
meson.build Add a Meson build system alongside autotools. 2017-04-26 15:25:27 -07:00
opendev.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
opendev.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
queryst.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
queryst.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
selectev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
selectev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
sendexev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
sendexev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setbmap.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setbmap.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setdval.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setdval.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setfocus.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
setfocus.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
setmmap.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setmmap.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setmode.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
setmode.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
stubs.c ddx: add new call to purge input devices that weren't added 2016-10-26 15:35:07 +10:00
ungrdev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
ungrdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
ungrdevb.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
ungrdevb.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
ungrdevk.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
ungrdevk.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiallowev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xiallowev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xibarriers.c Xi: Fix barrier device search 2026-01-25 10:40:01 -08:00
xibarriers.h Xi: free barrier code at reset time 2013-05-07 09:41:19 +10:00
xichangecursor.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xichangecursor.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xichangehierarchy.c drop not needed includes of geext.h 2026-01-25 10:40:00 -08:00
xichangehierarchy.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
xigetclientpointer.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xigetclientpointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xigrabdev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xigrabdev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xipassivegrab.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xipassivegrab.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiproperty.c Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
xiproperty.h Xi: drop now obsolete swap procs 2026-01-25 10:39:59 -08:00
xiquerydevice.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xiquerydevice.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiquerypointer.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xiquerypointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiqueryversion.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xiqueryversion.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xiselectev.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xiselectev.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xisetclientpointer.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xisetclientpointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
xisetdevfocus.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xisetdevfocus.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
XIstubs.h include: unexport XIstubs.h 2026-01-25 10:39:56 -08:00
xiwarppointer.c Xi: drop swapping request length fields 2026-01-25 10:39:59 -08:00
xiwarppointer.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00