summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Hutterer <peter.hutterer@who-t.net>2023-01-25 11:41:40 +1000
committerPeter Hutterer <peter.hutterer@who-t.net>2023-02-07 10:07:18 +1000
commit0ba6d8c37071131a49790243cdac55392ecf71ec (patch)
treeeb8289cc2f378e30146d2c92830ba71fa49015a7
parenta7ee25f67dfc44a7e3007d0c86d86d6cf76072d7 (diff)
Xi: fix potential use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-rw-r--r--Xi/exevents.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/Xi/exevents.c b/Xi/exevents.c
index 217baa956..dcd4efb3b 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
}
- else
+ else {
free(to->button->xkb_acts);
+ to->button->xkb_acts = NULL;
+ }
memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));