integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8] - xorg/lib/libXi - X.org libXi Client library for XInput. (mirrored from https://gitlab.freedesktop.org/xorg/lib/libxi)

diff options

author	Alan Coopersmith <alan.coopersmith@oracle.com>	2013-03-09 22:55:23 -0800
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2013-05-23 08:13:26 -0700
commit	6dd6dc51a2935c72774be81e5cc2ba2c30e9feff (patch)
tree	b1b6a6e8dc2c87bdf42b4c1a919590cafb81e0bb /man
parent	322ee3576789380222d4403366e4fd12fb24cb6a (diff)

integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]

If the number of event classes reported by the server is large enough that it overflows when multiplied by the size of the appropriate struct, then memory corruption can occur when more bytes are copied from the X server reply than the size of the buffer we allocated to hold them. V2: EatData if count is 0 but length is > 0 to avoid XIOErrors Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

Diffstat (limited to 'man')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: