Commit 4979ac8f authored by Matthieu Herrb's avatar Matthieu Herrb Committed by Matt Turner

fix for ZDI-11426

Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit a6b2cbe9)
parent 2720b871
Pipeline #191309 passed with stages
in 5 minutes and 18 seconds
...@@ -117,7 +117,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) ...@@ -117,7 +117,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
return NullPixmap; return NullPixmap;
pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
if (!pPixmap) if (!pPixmap)
return NullPixmap; return NullPixmap;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment