Commit aac28e16 authored by Matthieu Herrb's avatar Matthieu Herrb Committed by Alan Coopersmith

fix for ZDI-11426

Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
parent 9d8e7c48
Pipeline #184862 passed with stages
in 3 minutes and 40 seconds
......@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
return NullPixmap;
pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
if (!pPixmap)
return NullPixmap;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment