fix for ZDI-11426
Avoid leaking uninitialized memory to clients by zeroing the whole pixmap on initial allocation. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
parent
9d8e7c4828
commit
aac28e162e
|
@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
|
||||||
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
|
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
|
||||||
return NullPixmap;
|
return NullPixmap;
|
||||||
|
|
||||||
pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
|
pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
|
||||||
if (!pPixmap)
|
if (!pPixmap)
|
||||||
return NullPixmap;
|
return NullPixmap;
|
||||||
|
|
||||||
|
|
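Review bot: The new `calloc(1, ...)` line has no comment saying why zeroing is required, so a later cleanup could switch it back to `malloc()` for speed and reintroduce the disclosure. I would add `/* zero-filled: clients can read pixmap contents, so a fresh pixmap must not expose stale heap data (ZDI-11426) */` directly above it. Separately, the guard above subtracts the `int` parameter `pixDataSize` from `(size_t)-1`, so a negative value is handled only implicitly through unsigned conversion. An explicit `if (pixDataSize < 0) return NullPixmap;` before the guard would make that intent visible. AllocatePixmap starts and ends outside the hunk, so any other path that allocates or reallocates pixmap storage is not visible here and should be checked for the same zeroing.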