XLibre/xserver
1
1
Fork 0
mirror of https://github.com/X11Libre/xserver.git synced 2026-03-24 10:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
15412e78c83bf3d15bcd343ccc40afda072d3f9e
xserver/Xi
History
Peter Hutterer 541ab2ecd4 Xi/randr: fix handling of PropModeAppend/Prepend 
The handling of appending/prepending properties was incorrect, with at
least two bugs: the property length was set to the length of the new
part only, i.e. appending or prepending N elements to a property with P
existing elements always resulted in the property having N elements
instead of N + P.

Second, when pre-pending a value to a property, the offset for the old
values was incorrect, leaving the new property with potentially
uninitalized values and/or resulting in OOB memory writes.
For example, prepending a 3 element value to a 5 element property would
result in this 8 value array:
  [N, N, N, ?, ?, P, P, P ] P, P
                            ^OOB write

The XI2 code is a copy/paste of the RandR code, so the bug exists in
both.

CVE-2023-5367, ZDI-CAN-22153

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-10-25 00:32:52 +00:00
..
allowev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
allowev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgdctl.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgdctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgfctl.c
Fix XChangeFeedbackControl() request underflow
2021-04-13 14:28:13 +02:00
chgfctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgkbd.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgkbd.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgkmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgkmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgprop.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgprop.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgptr.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgptr.h
Xi: Remove redundant declaration.
2012-05-14 13:17:30 +01:00
closedev.c
Fix spelling/wording issues
2020-07-05 13:07:33 -07:00
closedev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
devbell.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
devbell.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
exevents.c
Xi: fix potential use-after-free in DeepCopyPointerClasses
2023-02-07 10:07:18 +10:00
exglobals.h
xinput: Remove PropagateMask
2020-03-30 21:48:11 +00:00
extinit.c
xi: Implement conversions from internal to Xi2 gesture event structs
2021-05-30 13:26:37 +03:00
getbmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getbmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getdctl.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getdctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getfctl.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getfctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getfocus.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getfocus.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getkmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getkmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getmmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getmmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getprop.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getprop.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getselev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getselev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getvers.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getvers.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
grabdev.c
Fix spelling/wording issues
2020-07-05 13:07:33 -07:00
grabdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
grabdevb.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
grabdevb.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
grabdevk.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
grabdevk.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
gtmotion.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
gtmotion.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
listdev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
listdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
meson.build
Add a Meson build system alongside autotools.
2017-04-26 15:25:27 -07:00
opendev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
opendev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
queryst.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
queryst.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
selectev.c
xinput: Remove ExtExclusiveMasks
2020-03-30 21:48:11 +00:00
selectev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
sendexev.c
Xi: Do not try to swap GenericEvent.
2017-06-19 11:58:56 +10:00
sendexev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setbmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setbmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setdval.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setdval.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setfocus.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setfocus.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setmmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setmmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setmode.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setmode.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
stubs.c
ddx: add new call to purge input devices that weren't added
2016-10-26 15:35:07 +10:00
ungrdev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
ungrdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
ungrdevb.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
ungrdevb.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
ungrdevk.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
ungrdevk.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiallowev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xiallowev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xibarriers.c
Xi: lock the input thread for any pointer barrier list manipulation
2019-02-14 09:10:58 +10:00
xibarriers.h
Xi: free barrier code at reset time
2013-05-07 09:41:19 +10:00
xichangecursor.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xichangecursor.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xichangehierarchy.c
Fix XIChangeHierarchy() integer underflow
2020-08-25 17:01:29 +02:00
xichangehierarchy.h
xinput: Silence a warning from gcc 11
2021-08-17 16:02:44 -04:00
xigetclientpointer.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xigetclientpointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xigrabdev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xigrabdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xipassivegrab.c
Xi: disallow passive grabs with a detail > 255
2022-12-14 11:02:06 +10:00
xipassivegrab.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiproperty.c
Xi/randr: fix handling of PropModeAppend/Prepend
2023-10-25 00:32:52 +00:00
xiproperty.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiquerydevice.c
Xi: Work around broken libxcb that doesn't ignore unknown device classes
2021-05-30 13:46:59 +03:00
xiquerydevice.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiquerypointer.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xiquerypointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiqueryversion.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xiqueryversion.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiselectev.c
xi: Implement selection logic for gesture event types
2021-05-30 13:26:33 +03:00
xiselectev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xisetclientpointer.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xisetclientpointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xisetdevfocus.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xisetdevfocus.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiwarppointer.c
Xi: Use WarpPointerProc hook on XI pointer warping implementation
2017-06-07 14:49:04 +10:00
xiwarppointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00