buffer overflow in XvQueryPortAttributes() [CVE-2013-2066]

Each attribute returned in the reply includes the number of bytes
to read for its marker.  We had been always trusting it, and never
validating that it wouldn't cause us to write past the end of the
buffer we allocated based on the reported text_size.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

0 files changed, 0 insertions, 0 deletions