6692670fde
ProcDRI2GetBuffers() tries to validate a length field (count). There is an integer overflow in the validation. This can cause out of bound reads and memory corruption later on.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>

- pci_ids
- dri2.c
- dri2.h
- dri2ext.c
- dri2int.h
- Makefile.am