6692670fde
ProcDRI2GetBuffers() tries to validate a length field (count). There is an integer overflow in the validation. This can cause out of bound reads and memory corruption later on. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Julien Cristau <jcristau@debian.org> |
||
---|---|---|
.. | ||
dmx | ||
kdrive | ||
vfb | ||
xfree86 | ||
xnest | ||
xquartz | ||
xwayland | ||
xwin | ||
Makefile.am |