diff options
author | Nathan Kidd <nkidd@opentext.com> | 2015-01-09 09:57:23 -0500 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2017-10-10 23:33:34 +0200 |
commit | cad5a1050b7184d828aef9c1dd151c3ab649d37e (patch) | |
tree | da13a3b46374c231b5aefe1fcb2f53714be3fc47 /render/render.c | |
parent | 9c23685009aa96f4b861dcc5d2e01dbee00c4dd9 (diff) | |
download | xserver-cad5a1050b7184d828aef9c1dd151c3ab649d37e.tar.gz |
Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)
This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Diffstat (limited to 'render/render.c')
-rw-r--r-- | render/render.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/render/render.c b/render/render.c index ccae49a41..7d94bd5ff 100644 --- a/render/render.c +++ b/render/render.c @@ -1757,6 +1757,9 @@ ProcRenderSetPictureFilter(ClientPtr client) name = (char *) (stuff + 1); params = (xFixed *) (name + pad_to_int32(stuff->nbytes)); nparams = ((xFixed *) stuff + client->req_len) - params; + if (nparams < 0) + return BadLength; + result = SetPictureFilter(pPicture, name, stuff->nbytes, params, nparams); return result; } |