andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
2a5cbc17fc
xserver-multidpi/glx
History
Adam Jackson 2a5cbc17fc glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] 
These are paranoid about integer overflow, and will return -1 if their
operation would overflow a (signed) integer or if either argument is
negative.

Note that RenderLarge requests are sized with a uint32_t so in principle
this could be sketchy there, but dix limits bigreqs to 128M so you
shouldn't ever notice, and honestly if you're sending more than 2G of
rendering commands you're already doing something very wrong.

v2: Use INT_MAX for consistency with the rest of the server (jcristau)
v3: Reject negative arguments (anholt)

Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Michal Srb <msrb@suse.com>
Reviewed-by: Andy Ritger <aritger@nvidia.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2014-12-08 18:09:49 -08:00
..
clientinfo.c glx: Implement GLX SetClientInfo2ARB protocol 2012-07-05 11:44:09 -07:00
createcontext.c Merge remote-tracking branch 'idr/glx-float-fbconfig' 2013-10-29 09:37:30 -07:00
extension_string.c glx: Enable GLX_ARB_fbconfig_float for DRI2 drivers 2013-10-24 11:48:04 -07:00
extension_string.h glx: Enable GLX_ARB_fbconfig_float for DRI2 drivers 2013-10-24 11:48:04 -07:00
glxbyteorder.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
glxcmds.c glx: Be more paranoid about variable-length requests [CVE-2014-8093 1/6] 2014-12-08 18:09:49 -08:00
glxcmdsswap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
glxcontext.h glx: Fix memory leak in context garbage collection (v2) 2013-10-29 10:30:43 -04:00
glxdrawable.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
glxdri2.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
glxdricommon.c glx: Clear new FBConfig attributes to 0 by default. 2014-03-10 13:57:21 -07:00
glxdricommon.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
glxdriswrast.c glx: Fix 'y ' value in swrastGetDrawableInfo() 2014-09-11 17:51:12 -07:00
glxext.c glx: Fix crash when a client exits without deleting GL contexts 2014-12-05 16:41:49 +00:00
glxext.h glx: Fix crash when a client exits without deleting GL contexts 2014-12-05 16:41:49 +00:00
glxscreens.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
glxscreens.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
glxserver.h glx: Add safe_{add,mul,pad} (v3) [CVE-2014-8093 4/6] 2014-12-08 18:09:49 -08:00
glxutil.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
indirect_dispatch_swap.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_dispatch.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_dispatch.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_program.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_reqsize.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_reqsize.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size_get.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size_get.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_table.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_table.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_texture_compression.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_util.c glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6] 2014-12-08 18:09:49 -08:00
indirect_util.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
Makefile.am glx: Remove function stubs 2013-12-10 08:03:22 -08:00
render2.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
render2swap.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
renderpix.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
renderpixswap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
rensize.c glx: Fix image size computation for EXT_texture_integer [CVE-2014-8098 1/8] 2014-12-08 18:09:49 -08:00
single2.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
single2swap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
singlepix.c glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6] 2014-12-08 18:09:49 -08:00
singlepixswap.c glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6] 2014-12-08 18:09:49 -08:00
singlesize.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
singlesize.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
swap_interval.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
unpack.h glx: Additional paranoia in __glXGetAnswerBuffer / __GLX_GET_ANSWER_BUFFER (v2) [CVE-2014-8093 3/6] 2014-12-08 18:09:49 -08:00
xfont.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00