Fix XIChangeHierarchy() integer underflow
CVE-2020-14346 / ZDI-CAN-11429 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> (cherry picked from commit 1e3392b07923987c6c9d09cf75b24f397b59bd5e)
This commit is contained in:
parent
1d3a1092c3
commit
eff3f6cdd3
|
@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
|
|||
if (!stuff->num_changes)
|
||||
return rc;
|
||||
|
||||
len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
|
||||
len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq);
|
||||
|
||||
any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
|
||||
while (stuff->num_changes--) {
|
||||
|
|
Loading…
Reference in New Issue