andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

CVE-2007-6429: Always test for size+offset wrapping.

Browse Source
This commit is contained in:
Matthias Hopf 2008-01-21 16:13:21 +01:00 committed by Matthieu Herrb
parent bcbfd619f8
commit 44f46bfb98
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Xext/shm.c
View File

@ -753,10 +753,10 @@ CreatePmap:
if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
if (size < width * height)
return BadAlloc;
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
}
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
@ -1098,10 +1098,10 @@ CreatePmap:
if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
if (size < width * height)
return BadAlloc;
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
}
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(