Peter Hutterer a569eb4f36 dix: increase XLFDMAXFONTNAMELEN to match libXfont2's MAXFONTNAMELEN
XLFDMAXFONTNAMELEN was 256 bytes, but libXfont2 defines MAXFONTNAMELEN
as 1024 and allows font names and alias targets up to that length in
fonts.alias files.

doListFontsAndAliases copies the resolved alias target into a
stack-allocated tmp_pattern[XLFDMAXFONTNAMELEN] and then into
c->current.pattern[XLFDMAXFONTNAMELEN] (defined in LFWIstateRec).
doListFontsWithInfo has the same pattern, copying the resolved name into
c->current.pattern[]. With the old 256-byte limit, a fonts.alias entry
with a target name between 257 and 1023 bytes would overflow both
buffers.

An attacker can exploit this by:
  1. Creating a font directory with a fonts.alias containing an alias
     whose target name exceeds 256 bytes
  2. Using SetFontPath to add the malicious directory
  3. Calling ListFonts with the alias name to trigger alias resolution
  4. The oversized resolved name overflows the 256-byte stack buffer

Increase XLFDMAXFONTNAMELEN from 256 to 1024 to match libXfont2's
MAXFONTNAMELEN, ensuring the server can handle any name the font library
produces.

This vulnerability was discovered by:
Anonymous working with TrendAI Zero Day Initiative

ZDI-CAN-30136

Assisted-by: Claude:claude-opus-4-6
(cherry picked from commit bb5158f962)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2229>
2026-06-02 09:47:45 +10:00
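
The size mismatch described in the commit message, as an added example that is not part of the commit or of the xserver source: a bounded copy that rejects a resolved name larger than the destination, plus a build-time check that the consumer's limit covers the producer's. The helper names, the length-counted copy and the sample lengths are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limits as stated in the commit message. */
#define PRODUCER_MAX_NAME 1024 /* libXfont2 MAXFONTNAMELEN */
#define OLD_CONSUMER_MAX   256 /* XLFDMAXFONTNAMELEN before the change */
#define NEW_CONSUMER_MAX  1024 /* XLFDMAXFONTNAMELEN after the change */

/* Build-time guard: the consumer must hold anything the producer can return. */
_Static_assert(NEW_CONSUMER_MAX >= PRODUCER_MAX_NAME,
               "consumer buffer smaller than producer's maximum name length");

/* Hypothetical helper, not an xserver function. Names are length-counted
 * (no NUL stored), which is an assumption of this example.
 * Returns 0 on success, -1 if the name does not fit in dst. */
static int copy_resolved_name(char *dst, size_t dst_size,
                              const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len > dst_size)
        return -1;              /* reject instead of writing past dst */
    memcpy(dst, src, src_len);
    return 0;
}

/* Constructed input: a resolved alias target of name_len bytes, copied into
 * a buffer whose declared limit is consumer_max. */
static int try_alias_target(size_t name_len, size_t consumer_max)
{
    char src[PRODUCER_MAX_NAME];
    char dst[PRODUCER_MAX_NAME]; /* backing storage; consumer_max is the limit */

    if (name_len > sizeof(src) || consumer_max > sizeof(dst))
        return -1;
    memset(src, 'a', name_len);
    return copy_resolved_name(dst, consumer_max, src, name_len);
}

int main(void)
{
    printf("257 bytes, old limit: %d\n", try_alias_target(257, OLD_CONSUMER_MAX));
    printf("1023 bytes, new limit: %d\n", try_alias_target(1023, NEW_CONSUMER_MAX));
    return 0;
}
```
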
.gitlab-ci ci: Install libxcvt from git 2021-08-06 11:29:29 +00:00
composite composite: initialize border clip even when pixmap alloc fails 2025-02-25 19:36:29 +01:00
config config: add a quirk for Apple Silicon appledrm 2024-12-02 16:11:51 +00:00
damageext More missing version checks in SProcs 2021-08-08 12:43:01 +00:00
dbe meson: hide C API if Xorg is disabled (like autotools) 2021-03-11 00:22:36 +00:00
dix dix: increase XLFDMAXFONTNAMELEN to match libXfont2's MAXFONTNAMELEN 2026-06-02 09:47:45 +10:00
doc meson: Implement developer documentation build 2021-08-20 10:26:07 +00:00
dri3 meson: hide C API if Xorg is disabled (like autotools) 2021-03-11 00:22:36 +00:00
exa exa: rename some badly named variables 2020-07-10 06:17:40 +10:00
fb meson: hide C API if Xorg is disabled (like autotools) 2021-03-11 00:22:36 +00:00
glamor glamor: avoid double free in glamor_make_pixmap_exportable() 2026-03-28 16:40:00 +00:00
glx glx: fix reversed length check in ChangeDrawableAttributes 2026-06-02 09:47:22 +10:00
hw xf86: check return value of XF86_CRTC_CONFIG_PTR in xf86CompatOutput() 2026-03-28 16:40:00 +00:00
include dix: increase XLFDMAXFONTNAMELEN to match libXfont2's MAXFONTNAMELEN 2026-06-02 09:47:45 +10:00
m4 Add ax_pthread.m4 to m4/ 2016-05-29 19:20:51 -07:00
man Xserver.man: correct list of available authorization protocols 2025-06-12 18:08:25 -07:00
mi mi: guard miPointer functions against NULL dereferences 2025-04-08 09:50:18 +02:00
miext sync: fix deletion of counters and fences 2026-06-02 09:47:17 +10:00
os os: fix sha1 build error with Nettle 4.0 2026-03-28 16:40:00 +00:00
present present: actually return the created notifies 2026-05-30 10:35:53 -07:00
pseudoramiX Unvalidated lengths 2017-10-10 23:33:34 +02:00
randr randr: clear primary screen's primaryOutput when the output is deleted 2026-03-28 16:39:59 +00:00
record record: Check for overflow in RecordSanityCheckRegisterClients() 2025-06-17 15:06:30 +02:00
render render: fix multiple mem leaks on err paths 2026-03-28 16:39:59 +00:00
test tests: Add missing files to Makefile build 2025-10-28 17:00:57 +01:00
Xext saver: re-fetch screen private after CheckScreenPrivate in CreateSaverWindow 2026-06-02 09:47:24 +10:00
xfixes xfixes: Check request length for SetClientDisconnectMode 2025-06-17 15:06:09 +02:00
Xi Xi: add missing gesture grab type checks in ProcXIPassiveUngrabDevice 2026-05-30 10:35:53 -07:00
xkb xkb: clamp nMaps to mapWidths buffer size in CheckKeyTypes 2026-06-02 09:47:21 +10:00
.appveyor.yml Drop DMX DDX 2021-09-07 09:34:31 +00:00
.dir-locals.el .dir-locals.el: Add missing final newline 2019-10-01 17:05:28 +00:00
.gitignore .gitignore: Add new autotools file 'test-driver' 2014-04-21 13:41:42 -07:00
.gitlab-ci.yml .gitlab-ci: Use meson instead of ninja for running the tests 2025-06-30 11:29:21 +02:00
.travis.yml travis: Add OSX meson build to matrix 2019-05-02 15:42:58 +00:00
autogen.sh autogen: Set a default subject prefix for patches 2016-02-08 17:41:38 -05:00
configure.ac xserver 21.1.22 2026-04-14 15:12:24 +02:00
COPYING COPYING: add author to HPND-sell-MIT-disclaimer-xserver 2026-03-28 16:39:59 +00:00
devbook.am doc: Create a script to filter xmlto output 2015-01-05 14:24:06 -08:00
docbook.am docbook.am: embed css styles inside the HTML HEAD element 2011-09-21 14:07:49 -07:00
Makefile.am Makefile.am: add SECURITY.md to EXTRA_DIST 2025-11-30 17:21:49 +00:00
manpages.am man: Fix automake seddery 2018-05-08 12:15:30 -04:00
meson.build xserver 21.1.22 2026-04-14 15:12:24 +02:00
meson_options.txt meson: fix types for some build options 2026-05-26 17:38:22 -07:00
README.md Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
SECURITY.md Create a SECURITY.md file 2025-11-30 17:21:49 +00:00
xorg-server.m4 xorg-server.m4: just all cflags instead of just sdkdir 2018-09-20 20:12:24 +01:00
xorg-server.pc.in pkgconfig files: Add URL 2025-04-08 10:16:56 +02:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

X Server

The X server accepts requests from client applications to create windows, which are (normally rectangular) "virtual screens" that the client program can draw into.

Windows are then composed on the actual screen by the X server (or by a separate composite manager) as directed by the window manager, which usually communicates with the user via graphical controls such as buttons and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the following article: https://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the Xorg mailing list:

https://lists.freedesktop.org/mailman/listinfo/xorg

The primary development code repository can be found at:

https://gitlab.freedesktop.org/xorg/xserver

For patch submission instructions, see:

https://www.x.org/wiki/Development/Documentation/SubmittingPatches

As with other projects hosted on freedesktop.org, X.Org follows its Code of Conduct, based on the Contributor Covenant. Please conduct yourself in a respectful and civilized manner when using the above mailing lists, bug trackers, etc:

https://www.freedesktop.org/wiki/CodeOfConduct