Skip to content
Snippets Groups Projects
Commit 97015a07 authored by Alan Coopersmith's avatar Alan Coopersmith
Browse files

dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4] 


RegionSizeof contains several integer overflows if a large length
value is passed in.  Once we fix it to return 0 on overflow, we
also have to fix the callers to handle this error condition

v2: Fixed limit calculation in RegionSizeof as pointed out by jcristau.

Reported-by: default avatarIlja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: default avatarAlan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: default avatarPeter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: default avatarJulien Cristau <jcristau@debian.org>
parent bc8e2043
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment