XLibre/xserver
1
1
Fork 0
mirror of https://github.com/X11Libre/xserver.git synced 2026-03-24 16:44:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
eeae42d60bf3d5663ea088581f6c28a82cd17829
xserver/dix
History
Alan Coopersmith eeae42d60b dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4] 
ProcPutImage() calculates a length field from a width, left pad and depth
specified by the client (if the specified format is XYPixmap).

The calculations for the total amount of memory the server needs for the
pixmap can overflow a 32-bit number, causing out-of-bounds memory writes
on 32-bit systems (since the length is stored in a long int variable).

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2014-12-08 18:09:46 -08:00
..
.gitignore
dix and os: gitignore dix.O and os.O
2011-09-23 17:14:47 -07:00
atom.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
buildatoms
XFree86 4.3.0.1
2003-11-14 16:49:22 +00:00
BuiltInAtoms
R6.6 is the Xorg base-line
2003-11-14 15:54:54 +00:00
colormap.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
cursor.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
devices.c
fix an annotation mistake
2014-11-12 10:26:02 +10:00
dispatch.c
dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]
2014-12-08 18:09:46 -08:00
dispatch.h
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
dixfonts.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
dixutils.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
enterleave.c
input: drop FP1616 macro
2012-11-19 12:12:23 +10:00
enterleave.h
dix: Move DeviceFocusEvent from Xi into enterleave.c
2012-05-17 08:50:44 +10:00
eventconvert.c
dix: send the current axis value in DeviceChangedEvents (#62321)
2013-05-07 09:40:42 +10:00
events.c
dix: reference the cursor just once in InitializeSprite()
2014-06-04 21:32:14 -07:00
extension.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
ffs.c
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
gc.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
getevents.c
dix: Untwist transformAbsolute logic, eliminate uninitialized value warnings
2014-10-28 20:56:37 -07:00
globals.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
glyphcurs.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
grabs.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
initatoms.c
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
inpututils.c
dix: silence compiler warning
2014-11-12 10:25:00 +10:00
main.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
Makefile.am
Allow DDX to provide a main()
2013-07-23 23:56:58 +01:00
pixmap.c
pixmap: fix reverse optimus support with multiple heads
2014-09-11 18:14:44 -07:00
privates.c
Replace 'pointer' type with 'void *'
2014-01-12 10:24:11 -08:00
property.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
protocol.txt
dix: Remove XpExtension leftovers from protocol.txt
2014-10-02 10:16:24 -07:00
ptrveloc.c
dix: allow a ConstantDeceleration between 0 and 1 (#66134)
2013-07-17 14:27:26 +10:00
region.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
registry.c
Build required portions of registry.c automatically [v2]
2014-09-18 15:29:29 -07:00
resource.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
selection.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
stubmain.c
Allow DDX to provide a main()
2013-07-23 23:56:58 +01:00
swaprep.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
swapreq.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
tables.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
touch.c
Replace 'pointer' type with 'void *'
2014-01-12 10:24:11 -08:00
window.c
Drop trailing whitespaces
2014-11-12 10:25:00 +10:00
Xserver-dtrace.h.in
dix: add dtrace probes to input API
2012-03-22 11:33:42 +10:00
Xserver.d
dix: add dtrace probes to input API
2012-03-22 11:33:42 +10:00