andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
c37ceda76b
xserver-multidpi/hw
History
Alan Coopersmith c37ceda76b Xephyr: integer overflow in ephyrHostGLXGetStringFromServer() 
reply.length & reply.size are CARD32s and need to be bounds checked before
multiplying or adding to come up with the total size to allocate, to avoid
integer overflow leading to underallocation and writing data from the
network past the end of the allocated buffer.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-17 18:10:40 -07:00
..
dmx Xdmx: integer overflow in GetGLXFBConfigs() 2013-07-17 18:10:40 -07:00
kdrive Xephyr: integer overflow in ephyrHostGLXGetStringFromServer() 2013-07-17 18:10:40 -07:00
vfb vfb: Initialize the GLX extension again. 2012-11-21 11:13:55 +11:00
xfree86 dix: allow a ConstantDeceleration between 0 and 1 (#66134) 2013-07-17 14:27:26 +10:00
xnest dix: Remove #includes of mibstore.h 2012-09-23 10:31:27 -07:00
xquartz Full support of sRGB capable fbconfigs. 2013-03-18 10:02:00 -07:00
xwin hw/xwin: Update manifest to target all architectures, not just x86 2013-06-10 15:48:34 +01:00
Makefile.am Catch errors in recursive relink targets 2010-03-22 00:45:57 -05:00