73b2660d72
Save a pointer to the passed in closure structure before copying it and overwriting the *c pointer to point to our copy instead of the original. If we hit an error, once we free(c), reset c to point to the original structure before jumping to the cleanup code that references *c. Since one of the errors being checked for is whether the server was able to malloc(c->nChars * itemSize), the client can potentially pass a number of characters chosen to cause the malloc to fail and the error path to be taken, resulting in the read from freed memory. Since the memory is accessed almost immediately afterwards, and the X server is mostly single threaded, the odds of the free memory having invalid contents are low with most malloc implementations when not using memory debugging features, but some allocators will definitely overwrite the memory there, leading to a likely crash. Reported-by: Pedro Ribeiro <pedrib@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> |
||
|---|---|---|
| composite | ||
| config | ||
| damageext | ||
| dbe | ||
| dix | ||
| doc | ||
| exa | ||
| fb | ||
| glx | ||
| hw | ||
| include | ||
| m4 | ||
| man | ||
| mi | ||
| miext | ||
| os | ||
| pseudoramiX | ||
| randr | ||
| record | ||
| render | ||
| test | ||
| Xext | ||
| xfixes | ||
| Xi | ||
| xkb | ||
| .dir-locals.el | ||
| .gitignore | ||
| autogen.sh | ||
| configure.ac | ||
| COPYING | ||
| devbook.am | ||
| docbook.am | ||
| fix-miregion | ||
| fix-miregion-private | ||
| fix-patch-whitespace | ||
| fix-region | ||
| Makefile.am | ||
| manpages.am | ||
| README | ||
| xorg-server.m4 | ||
| xorg-server.pc.in | ||
| xserver.ent.in | ||
X Server
The X server accepts requests from client applications to create windows,
which are (normally rectangular) "virtual screens" that the client program
can draw into.
Windows are then composed on the actual screen by the X server
(or by a separate composite manager) as directed by the window manager,
which usually communicates with the user via graphical controls such as buttons
and draggable titlebars and borders.
For a comprehensive overview of X Server and X Window System, consult the
following article:
http://en.wikipedia.org/wiki/X_server
All questions regarding this software should be directed at the
Xorg mailing list:
http://lists.freedesktop.org/mailman/listinfo/xorg
Please submit bug reports to the Xorg bugzilla:
https://bugs.freedesktop.org/enter_bug.cgi?product=xorg
The master development code repository can be found at:
git://anongit.freedesktop.org/git/xorg/xserver
http://cgit.freedesktop.org/xorg/xserver
For patch submission instructions, see:
http://www.x.org/wiki/Development/Documentation/SubmittingPatches
For more information on the git code manager, see:
http://wiki.x.org/wiki/GitPage