path: root/
diff options
authorAlan Coopersmith <>2013-03-10 00:16:22 -0800
committerAlan Coopersmith <>2013-05-23 08:13:26 -0700
commit81b4df8ac6aa1520c41c3526961014a6f115cc46 (patch)
treefa8a1ec6f07fae926142c872adf14062ddcccc47 /
parentef82512288d8ca36ac0beeb289f158195b0a8cae (diff)
sign extension issue in XListInputDevices() [CVE-2013-1995]
nptr is (signed) char, which can be negative, and will sign extend when added to the int size, which means size can be subtracted from, leading to allocating too small a buffer to hold the data being copied from the X server's reply. v2: check that string size fits inside the data read from the server, so that we don't read out of bounds either Reported-by: Ilja Van Sprundel <> Signed-off-by: Alan Coopersmith <> Reviewed-by: Peter Hutterer <>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions