From bbde5b62a137ba726a747b838d81e92d72c1b42b Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date: Thu, 17 Jan 2008 15:26:41 +0100
Subject: [PATCH] Fix for CVE-2007-5760 - XFree86 Misc extension out of bounds
 array index

---
 hw/xfree86/common/xf86MiscExt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/xfree86/common/xf86MiscExt.c b/hw/xfree86/common/xf86MiscExt.c
index c1b9c60fc..40c196a3e 100644
--- a/hw/xfree86/common/xf86MiscExt.c
+++ b/hw/xfree86/common/xf86MiscExt.c
@@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char *msgtype, const char *msgval,
 {
     ScrnInfoPtr pScr = xf86Screens[scrnIndex];
 
+    /* should check this in the protocol, but xf86NumScreens isn't exported */
+    if (scrnIndex >= xf86NumScreens)
+	return BadValue;
+
     if (*pScr->HandleMessage == NULL)
 	    return BadImplementation;
     return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);