andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

CVE-2007-6429: Always test for size+offset wrapping.

Browse Source 
(cherry picked from commit be6c17fcf9)
This commit is contained in:
Matthias Hopf 2008-01-21 16:13:21 +01:00 committed by Jeremy Huddleston
parent 514c622618
commit 5ef366e8eb
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Xext/shm.c
View File

@ -761,10 +761,10 @@ CreatePmap:
if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
if (size < width * height)
return BadAlloc;
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
}
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
@ -1101,10 +1101,10 @@ CreatePmap:
if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
if (size < width * height)
return BadAlloc;
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
}
/* thankfully, offset is unsigned */
if (stuff->offset + size < size)
return BadAlloc;
VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(