mirror of
https://github.com/X11Libre/xserver.git
synced 2026-03-25 19:19:13 +00:00
ac15d4cecc
ProcRenderCreateRadialGradient and ProcRenderCreateConicalGradient must be protected against an integer overflow during length check. This is already included in ProcRenderCreateLinearGradient since the fix for CVE-2008-2362. This can only be successfully exploited on a 32 bit system for an out of boundary read later on. Validated by using ASAN. Reviewed-by: Adam Jackson <ajax@redhat.com>
95 KiB
95 KiB