Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 114864 Details for
Bug 172575
x11-libs/libXfont BDF Font Parsing and xc-misc Integer Overflow (CVE-2007-{135{1|2}|1003})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
xcmisc.diff
xcmisc.diff (text/plain), 1.05 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2007-03-29 13:59:55 UTC
(
hide
)
Description:
xcmisc.diff
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2007-03-29 13:59:55 UTC
Size:
1.05 KB
patch
obsolete
>Index: Xext/xcmisc.c >=================================================================== >RCS file: /cvs/xenocara/xserver/Xext/xcmisc.c,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 xcmisc.c >--- Xext/xcmisc.c 26 Nov 2006 18:14:51 -0000 1.1.1.1 >+++ Xext/xcmisc.c 16 Feb 2007 21:59:51 -0000 >@@ -42,6 +42,12 @@ > #include <X11/extensions/xcmiscstr.h> > #include "modinit.h" > >+#if HAVE_STDINT_H >+#include <stdint.h> >+#elif !defined(UINT32_MAX) >+#define UINT32_MAX 0xffffffffU >+#endif >+ > #if 0 > static unsigned char XCMiscCode; > #endif >@@ -143,7 +149,10 @@ > > REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq); > >- pids = (XID *)ALLOCATE_LOCAL(stuff->count * sizeof(XID)); >+ if (stuff->count > UINT32_MAX / sizeof(XID)) >+ return BadAlloc; >+ >+ pids = (XID *)Xalloc(stuff->count * sizeof(XID)); > if (!pids) > { > return BadAlloc; >@@ -164,7 +173,7 @@ > client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write; > WriteSwappedDataToClient(client, count * sizeof(XID), pids); > } >- DEALLOCATE_LOCAL(pids); >+ Xfree(pids); > return(client->noClientException); > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 172575
:
114802
|
114804
| 114864