diff options
Diffstat (limited to 'main/libxrandr/CVE-2013-1986-4.patch')
-rw-r--r-- | main/libxrandr/CVE-2013-1986-4.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/main/libxrandr/CVE-2013-1986-4.patch b/main/libxrandr/CVE-2013-1986-4.patch new file mode 100644 index 0000000000..1583c84a72 --- /dev/null +++ b/main/libxrandr/CVE-2013-1986-4.patch @@ -0,0 +1,48 @@ +From 2ee6511dfc3c3cd766021d26554643bd984b18ac Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Sat, 4 May 2013 21:47:50 -0700 +Subject: [PATCH] Make XRRGet*Property() always initialize returned values + +Avoids memory corruption and other errors when callers access them +without checking to see if the calls returned an error value. + +Callers are still required to check for errors, this just reduces the +damage when they don't. + +(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel) + +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Signed-off-by: Julien Cristau <jcristau@debian.org> +--- + src/XrrProperty.c | 8 +++++++- + 1 files changed, 7 insertions(+), 1 deletions(-) + +diff --git a/src/XrrProperty.c b/src/XrrProperty.c +index 0c30d43..5864651 100644 +--- a/src/XrrProperty.c ++++ b/src/XrrProperty.c +@@ -259,6 +259,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output, + xRRGetOutputPropertyReq *req; + unsigned long nbytes, rbytes; + ++ /* Always initialize return values, in case callers fail to initialize ++ them and fail to check the return code for an error. */ ++ *actual_type = None; ++ *actual_format = 0; ++ *nitems = *bytes_after = 0L; ++ *prop = (unsigned char *) NULL; ++ + RRCheckExtension (dpy, info, 1); + + LockDisplay (dpy); +@@ -280,7 +287,6 @@ XRRGetOutputProperty (Display *dpy, RROutput output, + return ((xError *)&rep)->errorCode; + } + +- *prop = (unsigned char *) NULL; + if (rep.propertyType != None) { + int format = rep.format; + +-- +1.7.2.5 + |