author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-04-13 09:32:12 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-04-13 10:06:26 -0700 |
commit | ca84a813716f9de691dc3f60390d83af4b5ae534 (patch) | |
tree | accc0871f9b97ddbaad77a39ddec4b5226469963 /src/XSecurity.c | |
parent | 8eee1236041d46a21faba32e0d27c26985267d89 (diff) | |
Use _XEatDataWords to avoid overflow of rep.length bit shifting
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'src/XSecurity.c')
-rw-r--r-- | src/XSecurity.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/XSecurity.c b/src/XSecurity.c index f8c7da1..ab17755 100644 --- a/src/XSecurity.c +++ b/src/XSecurity.c @@ -33,6 +33,7 @@ in this Software without prior written authorization from The Open Group. #include <X11/extensions/extutil.h> #include <X11/extensions/securproto.h> #include <X11/extensions/security.h> +#include "eat.h" static XExtensionInfo _Security_info_data; static XExtensionInfo *Security_info = &_Security_info_data; @@ -282,7 +283,7 @@ XSecurityGenerateAuthorization( } else { - _XEatData(dpy, (unsigned long) (rep.dataLength + 3) & ~3); + _XEatDataWords(dpy, rep.length); } UnlockDisplay (dpy); |
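Review bot: In the second hunk, the `else` branch of XSecurityGenerateAuthorization now sizes the discard from `rep.length`, where the removed line used the padded `rep.dataLength`, and nothing visible checks that these two server-supplied fields agree. Eating `rep.length` words keeps the connection in sync on this path, but the branch that reads the authorization data lies outside the hunk; if it consumes only `rep.dataLength` bytes, a reply with a larger `rep.length` would presumably leave unread bytes queued for the next request. I would add a comment here such as `/* discard the whole reply payload: rep.length words, which may exceed the padded dataLength */`. Consider also rejecting replies where `((rep.dataLength + 3) >> 2) > rep.length` before the read path. The function body starts and ends outside the hunk, so the read path should be confirmed against the full file.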