Olivier Fourdan fb51d5dd53 composite: Fix use-after-free of the COW ...

ZDI-CAN-19866/CVE-2023-1393

If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.

Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 26ef545b35)

2023-03-29 14:20:26 +02:00

..

compalloc.c

composite: Be more paranoid in compDestroyDamage

2019-08-15 16:57:50 +00:00

compext.c

dispatch: Mark swapped dispatch as _X_COLD

2017-03-01 10:16:20 -05:00

compinit.c

composite: Stop wrapping GetImage/GetSpans

2019-10-30 16:26:01 +00:00

compint.h

composite: Stop wrapping GetImage/GetSpans

2019-10-30 16:26:01 +00:00

compositeext.h

composite: Export compIsAlternateVisual

2017-01-25 11:27:06 -05:00

compoverlay.c

Drop trailing whitespaces

2014-11-12 10:25:00 +10:00

compwindow.c

composite: Fix use-after-free of the COW

2023-03-29 14:20:26 +02:00

Makefile.am

Export CompositeRegisterAlternateVisuals.

2009-04-27 13:29:40 -07:00

meson.build

meson: hide C API if Xorg is disabled (like autotools)

2021-03-11 00:22:36 +00:00