summaryrefslogtreecommitdiff
path: root/xfixes/saveset.c
diff options
context:
space:
mode:
authorNathan Kidd <nkidd@opentext.com>2015-01-09 11:43:05 -0500
committerAdam Jackson <ajax@redhat.com>2017-10-12 12:25:10 -0400
commit61502107a30d64f991784648c3228ebc6694a032 (patch)
tree435b66047a38b73cce6707e96cd1aec5c3b8c17b /xfixes/saveset.c
parentc206f36a4b6ecf2555ab2291c349ab7d7d0b02f5 (diff)
xfixes: unvalidated lengths (CVE-2017-12183)
v2: Use before swap (Jeremy Huddleston Sequoia) v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith) Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Signed-off-by: Nathan Kidd <nkidd@opentext.com> Signed-off-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 55caa8b08c84af2b50fbc936cf334a5a93dd7db5)
Diffstat (limited to 'xfixes/saveset.c')
-rw-r--r--xfixes/saveset.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/xfixes/saveset.c b/xfixes/saveset.c
index eb3f6589e..aa365cfe5 100644
--- a/xfixes/saveset.c
+++ b/xfixes/saveset.c
@@ -62,6 +62,7 @@ int
SProcXFixesChangeSaveSet(ClientPtr client)
{
REQUEST(xXFixesChangeSaveSetReq);
+ REQUEST_SIZE_MATCH(xXFixesChangeSaveSetReq);
swaps(&stuff->length);
swapl(&stuff->window);