xserver/hw/xfree86
Jeremy Huddleston 597747c655 Fix a couple off-by-one array boundary checks.
Error: Write outside array bounds at Xext/geext.c:406
        in function 'GEWindowSetMask' [Symbolic analysis]
       In array dereference of cli->nextSib[extension] with index 'extension'
       Array size is 128 elements (of 4 bytes each), index <= 128

Error: Buffer overflow at dix/events.c:592
	in function 'SetMaskForEvent' [Symbolic analysis]
       In array dereference of filters[deviceid] with index 'deviceid'
       Array size is 20 elements (of 512 bytes each), index >= 0 and index <= 20

Error: Read buffer overflow at hw/xfree86/loader/loader.c:226
	in function 'LoaderOpen' [Symbolic analysis]
       In array dereference of refCount[new_handle] with index 'new_handle'
       Array size is 256 elements (of 4 bytes each), index >= 1 and index <= 256

These bugs were found using the Parfait source code analysis tool.
For more information see http://research.sun.com/projects/parfait

Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit b680bda34d)
(cherry picked from commit 04c9e80f08)

Signed-off-by: Keith Packard <keithp@keithp.com>
2009-06-29 14:15:17 -07:00
common xfree86: restore default off for DontZap 2009-06-29 14:14:52 -07:00
ddc EDID: Fix timing class names to match the spec 2009-06-29 11:41:15 -04:00
dixmods Fix byte swapping of XF86VidMode{Get,Set}GammaRamp 2009-05-08 22:48:49 -07:00
doc xfree86: restore default off for DontZap 2009-06-29 14:14:52 -07:00
dri DRI1: Make DRICreateDrawable return TRUE for pixmaps. 2009-02-25 11:34:48 -08:00
dri2 DRI2: update DRI2 private drawable width & height according to X drawable 2009-06-11 22:46:00 -07:00
dummylib Warning fix 2008-11-25 15:05:19 -05:00
exa More man page updates for 1.6 release for Xorg, xorg.conf & exa man pages. 2008-12-02 23:37:36 -08:00
fbdevhw fbdevhw: Remove pixclock check. 2008-09-04 13:08:06 +02:00
i2c Dead code removal 2008-07-17 21:37:50 +03:00
int10 Warning fix 2008-11-25 15:05:19 -05:00
loader Fix a couple off-by-one array boundary checks. 2009-06-29 14:15:17 -07:00
modes EDID: Add modes from Established Timings III descriptor to mode pool 2009-06-11 15:22:00 -04:00
os-support Correct static symbol XkmReadTOC and first pass on compile warning fixes. 2009-02-17 15:49:06 -08:00
parser Make RgbPath keyword in xorg.conf a non-fatal error 2009-02-19 13:43:40 -08:00
ramdac xfree86: don't render SW cursors for devices attached to VCP (#16805) 2008-12-16 12:03:04 -08:00
shadowfb Prepare for array-index based devPrivates. 2008-08-28 18:05:40 -04:00
utils Remove xorgcfg 2008-07-24 03:01:45 +03:00
vbe Warning fix. 2008-11-25 15:05:18 -05:00
vgahw XFree86: Remove usage of alloca 2007-11-05 14:34:42 +00:00
x86emu x86emu: fix sparse warnings 2008-10-26 13:17:31 +01:00
xaa XAA: Disable offscreen pixmaps by default. 2009-01-09 09:57:46 -08:00
xf8_16bpp Remove smashing of CFLAGS from server build. 2006-09-18 12:11:18 -07:00
Makefile.am re-enable DRI2 2008-10-15 12:00:16 +01:00
Options Initial revision 2003-11-14 16:48:57 +00:00
xorgconf.cpp Remove all traces of external RGB database (and Speedo) 2007-11-05 16:28:35 +00:00