Skip to content
Snippets Groups Projects
Commit bba9df1a authored by Olivier Fourdan's avatar Olivier Fourdan :tools:
Browse files

Xi: Fix barrier device search 


The function GetBarrierDevice() would search for the pointer device
based on its device id and return the matching value, or supposedly NULL
if no match was found.

Unfortunately, as written, it would return the last element of the list
if no matching device id was found which can lead to out of bounds
memory access.

Fix the search function to return NULL if not matching device is found,
and adjust the callers to handle the case where the device cannot be
found.

CVE-2025-26598, ZDI-CAN-25740

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
Reviewed-by: default avatarPeter Hutterer <peter.hutterer@who-t.net>
Part-of: <!1828>
parent 0e4ed949
No related branches found
No related tags found
1 merge request!1828Multiple CVE fixes
Hide whitespace changes
Inline Side-by-side
Showing
with 23 additions and 4 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment