| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Checking against upper limit of USHRT_MAX must happen before truncating
size_t to int. On 64 bit systems with strings larger than 2 GB this
could otherwise lead to negative ints or ints smaller than USHRT_MAX.
In XParseColor this could lead to out of boundary access with strings
starting with a # (color sequence). A modulo 12 operation is performed
to validate the string length, but with an overflown length, the for
loop would eventually read behind terminating '\0' character.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
Problem reported by Karsten Trulsen
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
The X protocol uses CARD16 values to represent the length so
this would overflow.
CVE-2021-31535
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
|
|
|
|
Make use of the new 64-bit sequence number API in XCB 1.11.1 to avoid
the 32-bit sequence number wrap in libX11.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=71338
Signed-off-by: Christian Linhart <chris@demorecorder.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
|
This patch removes some redundant null checks before free.
It should not change the code otherwise. Be aware that this
is only the first series.
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Left one cast behind that is necessary to change from const char *
to char * in src/xlibi18n/lcCharSet.c.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
clang complained (correctly):
warning: comparison of constant 768614336404564650 with expression
of type 'CARD32' (aka 'unsigned int') is always true
[-Wtautological-constant-out-of-range-compare]
[While LONG_MAX is correct, since it's used in size_t math, the
numbers have to be limited to 32-bit range to be usable by 32-bit
clients, and values beyond that range are far more likely to be
bugs in the data from the server than valid numbers of characters
in a font. -alan- ]
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Fixes small memory leak introduced in commit 5669a22081
Reported-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Similar to _XQueryFont, but with more ways to go wrong and overflow.
Only compiled if libX11 is built with XF86BigFont support.
v2: Fix reply_left calculations, check calculated sizes fit in reply_left
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If the CARD32 reply.nCharInfos * sizeof(XCharStruct) overflows an
unsigned long, then too small of a buffer will be allocated for the
data copied in from the reply.
v2: Fix reply_left calculations, check calculated sizes fit in reply_left
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
MUSTCOPY seems to have only been defined in <X11/Xmd.h> when building for
CRAY, to handle missing some sizes of integer type.
(mostly performed with unifdef, followed by some manual cleanup of
spacing/indenting in the remaining code)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Clears compile-time warning of:
"X11/extensions/xf86bigfstr.h", line 1: #warning: "xf86bigfstr.h is obsolete and may be removed in the future."
"X11/extensions/xf86bigfstr.h", line 2: #warning: "include <X11/extensions/xf86bigfproto.h> for the protocol defines."
Requires xf86bigfontproto >= 1.2.0 if --disable-xf86bigfont is not
passed to configure.
Also removes unnecessary AC_SUBST of BIGFONT_CFLAGS & BIGFONT_LIBS
that PKG_CHECK_MODULES does automatically
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
|
|
Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br>
Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
|
|
|
|
|
I didn't fix all of them, as that would require touching
public headers.
|
|
|
|
|
|
<X11/...>
- For Xcomposite and Xdamage, don't link the build system out of the xc tree
- Link the public X11 headers into their own directory
- Add links to XKeysymDB and XErrorDB
- Add links to all the Xlib man pages
- Add links to the lcUniConv subdirectory
- Conditionally include config.h in Xlib source
|
|
|
|
|
