1 files changed, 48 insertions, 0 deletions

diff --git a/main/libxrandr/CVE-2013-1986-4.patch b/main/libxrandr/CVE-2013-1986-4.patch
new file mode 100644
index 0000000000..1583c84a72
--- /dev/null
+++ b/main/libxrandr/CVE-2013-1986-4.patch
@@ -0,0 +1,48 @@
+From 2ee6511dfc3c3cd766021d26554643bd984b18ac Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 4 May 2013 21:47:50 -0700
+Subject: [PATCH] Make XRRGet*Property() always initialize returned values
+
+Avoids memory corruption and other errors when callers access them
+without checking to see if the calls returned an error value.
+
+Callers are still required to check for errors, this just reduces the
+damage when they don't.
+
+(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Julien Cristau <jcristau@debian.org>
+---
+ src/XrrProperty.c |    8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+diff --git a/src/XrrProperty.c b/src/XrrProperty.c
+index 0c30d43..5864651 100644
+--- a/src/XrrProperty.c
++++ b/src/XrrProperty.c
+@@ -259,6 +259,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
+     xRRGetOutputPropertyReq	*req;
+     unsigned long		nbytes, rbytes;
+ 
++    /* Always initialize return values, in case callers fail to initialize
++       them and fail to check the return code for an error. */
++    *actual_type = None;
++    *actual_format = 0;
++    *nitems = *bytes_after = 0L;
++    *prop = (unsigned char *) NULL;
++
+     RRCheckExtension (dpy, info, 1);
+ 
+     LockDisplay (dpy);
+@@ -280,7 +287,6 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
+ 	return ((xError *)&rep)->errorCode;
+     }
+ 
+-    *prop = (unsigned char *) NULL;
+     if (rep.propertyType != None) {
+ 	int format = rep.format;
+ 
+-- 
+1.7.2.5
+