path: root/
diff options
authorAlan Coopersmith <>2013-03-09 22:55:23 -0800
committerAlan Coopersmith <>2013-05-23 08:13:26 -0700
commit242f92b490a695fbab244af5bad11b71f897c732 (patch)
tree2bb33db69de29671bd1188db59a873cf82439c81 /
parentbb922ed4253b35590f0369f32a917ff89ade0830 (diff)
integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
If the number of items reported by the server is large enough that it overflows when multiplied by the size of the appropriate item type, then memory corruption can occur when more bytes are copied from the X server reply than the size of the buffer we allocated to hold them. Reported-by: Ilja Van Sprundel <> Signed-off-by: Alan Coopersmith <> Reviewed-by: Peter Hutterer <>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions