Skip to content
Snippets Groups Projects
Commit a7bda308 authored by Peter Hutterer's avatar Peter Hutterer
Browse files

Xi: allocate enough XkbActions for our buttons

button->xkb_acts is supposed to be an array sufficiently large for all
our buttons, not just a single XkbActions struct. Allocating
insufficient memory here means when we memcpy() later in
XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
leading to the usual security ooopsiedaisies.

CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

(cherry picked from commit 0c1a93d3)
parent 58e83c68
No related branches found
No related tags found
1 merge request!1218Backport CVE-2023-6377 and CVE-2023-6478
Checking pipeline status
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment