diff options
| author | Matthieu Herrb <matthieu@bluenote.herrb.com> | 2008-01-17 15:28:03 +0100 |
|---|---|---|
| committer | Matthieu Herrb <matthieu@bluenote.herrb.com> | 2008-01-17 17:00:22 +0100 |
| commit | 4848d49d05a318559afe7a17a19ba055947ee1f5 (patch) | |
| tree | 109d591650b533e176d7197ce11ccad4192e5bba | |
| parent | 59a3b83922c810316a374a19484b24901c7437ae (diff) | |
Fix for CVE-2007-6428 - TOG-cup extension memory corruption.
| -rw-r--r-- | Xext/cup.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Xext/cup.c b/Xext/cup.c index 6bfa27837..781b9ce2b 100644 --- a/Xext/cup.c +++ b/Xext/cup.c @@ -196,6 +196,9 @@ int ProcGetReservedColormapEntries( REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq); + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + #ifndef HAVE_SPECIAL_DESKTOP_COLORS citems[CUP_BLACK_PIXEL].pixel = screenInfo.screens[stuff->screen]->blackPixel; |