nx-X11 · 2db01a9a28c4d1aa5483fe7004e1cf2c50e5f1ee · dimbor / nx-libs

dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418). · 2db01a9a

authored May 01, 2015

 The length checking code validates PutImage height and byte width by
 making sure that byte-width >= INT32_MAX / height. If height is zero,
 this generates a divide by zero exception. Allow zero height requests
 explicitly, bypassing the INT32_MAX check.

 Fix for regression introduced by fix for CVE-2014-8092.

 v2: backports to nx-libs 3.6.x (Mike Gabriel)
 v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
Signed-off-by: Keith Packard <keithp@keithp.com>

2db01a9a

Name	Last commit	Last update
..
config		Loading commit data...
extras		Loading commit data...
include		Loading commit data...
lib		Loading commit data...
programs		Loading commit data...
BUILD		Loading commit data...
CHANGELOG		Loading commit data...
COPYING		Loading commit data...
ChangeLog.X.org		Loading commit data...
Imakefile		Loading commit data...
LABEL		Loading commit data...
LICENSE		Loading commit data...
Makefile		Loading commit data...
README		Loading commit data...
README.crypto		Loading commit data...
RELNOTES		Loading commit data...
registry		Loading commit data...
xf86Date.h		Loading commit data...

README