Commit ab2ba933 authored by Adam Jackson, committed by Alan Coopersmith

glx: Be more strict about rejecting invalid image sizes [CVE-2014-8093 2/6]


Before this we'd just clamp the image size to 0, which was just
hideously stupid; if the parameters were such that they'd overflow an
integer, you'd allocate a small buffer, then pass huge values into (say)
ReadPixels, and now you're scribbling over arbitrary server memory.

Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Michal Srb <msrb@suse.com>
Reviewed-by: Andy Ritger <aritger@nvidia.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
parent 23fe7718
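
The failure mode the commit message describes, as an added example (not code from this commit or from the X server source): a size computation that wraps and clamps to 0, beside one that returns -1 so the caller can reject the request. The function names, the `int` signature and the sample dimensions are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the lenient behaviour: the product wraps and a
 * negative result is clamped to 0, so oversized parameters yield a size
 * that is zero or far smaller than width * height * bytes_per_pixel. */
static int lenient_image_size(int w, int h, int bpp)
{
    /* Unsigned arithmetic keeps the wrap well defined in C. */
    uint32_t wrapped = (uint32_t)w * (uint32_t)h * (uint32_t)bpp;
    int32_t size = (int32_t)wrapped;
    return size < 0 ? 0 : size;
}

/* Multiply two non-negative ints; -1 if either is negative (including a
 * propagated error) or the product would exceed INT_MAX. */
static int safe_mul(int a, int b)
{
    if (a < 0 || b < 0)
        return -1;
    if (a != 0 && b > INT_MAX / a)
        return -1;
    return a * b;
}

/* Strict sizing: invalid or overflowing parameters give -1, never a
 * plausible-looking small size. */
static int strict_image_size(int w, int h, int bpp)
{
    return safe_mul(safe_mul(w, h), bpp);
}

/* The caller treats a negative size as a malformed request and stops
 * before any buffer is allocated or written. */
static int request_is_acceptable(int w, int h, int bpp)
{
    return strict_image_size(w, h, bpp) >= 0;
}

int main(void)
{
    /* Constructed sample: 65537 x 65537 at 1 byte per pixel wraps to 131073. */
    printf("lenient=%d strict=%d\n",
           lenient_image_size(65537, 65537, 1),
           strict_image_size(65537, 65537, 1));
    return 0;
}
```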