author | Nathan Kidd <nkidd@opentext.com> | 2015-01-09 11:43:05 -0500 |
---|---|---|
committer | Adam Jackson <ajax@redhat.com> | 2017-10-12 12:25:10 -0400 |
commit | 61502107a30d64f991784648c3228ebc6694a032 (patch) | |
tree | 435b66047a38b73cce6707e96cd1aec5c3b8c17b /xfixes/saveset.c | |
parent | c206f36a4b6ecf2555ab2291c349ab7d7d0b02f5 (diff) |
xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 55caa8b08c84af2b50fbc936cf334a5a93dd7db5)
Diffstat (limited to 'xfixes/saveset.c')
-rw-r--r-- | xfixes/saveset.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/xfixes/saveset.c b/xfixes/saveset.c index eb3f6589e..aa365cfe5 100644 --- a/xfixes/saveset.c +++ b/xfixes/saveset.c @@ -62,6 +62,7 @@ int SProcXFixesChangeSaveSet(ClientPtr client) { REQUEST(xXFixesChangeSaveSetReq); + REQUEST_SIZE_MATCH(xXFixesChangeSaveSetReq); swaps(&stuff->length); swapl(&stuff->window); |
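Review bot: The ordering of the new check in SProcXFixesChangeSaveSet is load-bearing but undocumented: `REQUEST_SIZE_MATCH(xXFixesChangeSaveSetReq);` has to stay above `swaps(&stuff->length);` and `swapl(&stuff->window);`, because those swaps modify the request buffer in place and would touch bytes past the end of a short request. The placement is correct as written, since the macro compares the structure size against client->req_len rather than against the still-unswapped stuff->length, which matches the "v2: Use before swap" note in the commit message. I would add a one-line comment above the check saying the length must be validated before any field is byte-swapped, so a later cleanup does not move it below the swaps. This view is limited to xfixes/saveset.c; the subject line and the v3 note about XFixesCopyRegion indicate other handlers are changed too, so the same check-before-swap order should be confirmed against the full commit.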