summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthieu Herrb <matthieu@herrb.eu>2020-07-25 19:33:50 +0200
committerMatt Turner <mattst88@gmail.com>2020-08-18 04:26:45 +0000
commit4979ac8f0be6fa2c4a1edd8a527f7d2134d8586a (patch)
treec53537712bded7709c87487dc6302835ada7ef05
parent2720b871575504349d9f4dffbc73539f1626bd78 (diff)
fix for ZDI-11426
Avoid leaking un-initalized memory to clients by zeroing the whole pixmap on initial allocation. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> (cherry picked from commit a6b2cbe91793ae4967cd21a7103d889248029553)
-rw-r--r--dix/pixmap.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/dix/pixmap.c b/dix/pixmap.c
index 6923e7e7b..061bd421d 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -117,7 +117,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
return NullPixmap;
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
if (!pPixmap)
return NullPixmap;