diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-03-09 14:40:33 -0800 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-04-26 17:32:34 -0700 |
commit | 96d1da55a08c4cd52b763cb07bdce5cdcbec4da8 (patch) | |
tree | 0a9ce3a2b411dbf38ff1c6ba4fe863cda461d3d0 /COPYING | |
parent | 082d70b19848059ba78c9d1c315114fb07e8c0ef (diff) | |
download | xorg-lib-libXext-96d1da55a08c4cd52b763cb07bdce5cdcbec4da8.tar.gz |
several integer overflows in XdbeGetVisualInfo() [CVE-2013-1982 3/6]
If the number of screens or visuals reported by the server is large enough
that it overflows when multiplied by the size of the appropriate struct,
then memory corruption can occur when more bytes are read from the X server
than the size of the buffer we allocated to hold them.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions