Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch')
-rw-r--r--x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch85
1 files changed, 0 insertions, 85 deletions
diff --git a/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch b/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch
deleted file mode 100644
index 903f2be..0000000
--- a/x11-base/xorg-server/files/1.4-0007-CVE-2007-6429-Don-t-spuriously-reject-8bpp-shm-pix.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From e9fa7c1c88a8130a48f772c92b186b8b777986b5 Mon Sep 17 00:00:00 2001
-From: Adam Jackson <ajax@redhat.com>
-Date: Fri, 18 Jan 2008 14:41:20 -0500
-Subject: [PATCH] CVE-2007-6429: Don't spuriously reject <8bpp shm pixmaps.
-
-Move size validation after depth validation, and only validate size if
-the bpp of the pixmap format is > 8. If bpp < 8 then we're already
-protected from overflow by the width and height checks.
----
- Xext/shm.c | 36 ++++++++++++++++++++----------------
- 1 files changed, 20 insertions(+), 16 deletions(-)
-
-diff --git a/Xext/shm.c b/Xext/shm.c
-index c545e49..e46f6fc 100644
---- a/Xext/shm.c
-+++ b/Xext/shm.c
-@@ -783,14 +783,6 @@ ProcPanoramiXShmCreatePixmap(
- }
- if (width > 32767 || height > 32767)
- return BadAlloc;
-- size = PixmapBytePad(width, depth) * height;
-- if (sizeof(size) == 4) {
-- if (size < width * height)
-- return BadAlloc;
-- /* thankfully, offset is unsigned */
-- if (stuff->offset + size < size)
-- return BadAlloc;
-- }
-
- if (stuff->depth != 1)
- {
-@@ -801,7 +793,17 @@ ProcPanoramiXShmCreatePixmap(
- client->errorValue = stuff->depth;
- return BadValue;
- }
-+
- CreatePmap:
-+ size = PixmapBytePad(width, depth) * height;
-+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
-+ if (size < width * height)
-+ return BadAlloc;
-+ /* thankfully, offset is unsigned */
-+ if (stuff->offset + size < size)
-+ return BadAlloc;
-+ }
-+
- VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
-
- if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes))))
-@@ -1126,14 +1128,6 @@ ProcShmCreatePixmap(client)
- }
- if (width > 32767 || height > 32767)
- return BadAlloc;
-- size = PixmapBytePad(width, depth) * height;
-- if (sizeof(size) == 4) {
-- if (size < width * height)
-- return BadAlloc;
-- /* thankfully, offset is unsigned */
-- if (stuff->offset + size < size)
-- return BadAlloc;
-- }
-
- if (stuff->depth != 1)
- {
-@@ -1144,7 +1138,17 @@ ProcShmCreatePixmap(client)
- client->errorValue = stuff->depth;
- return BadValue;
- }
-+
- CreatePmap:
-+ size = PixmapBytePad(width, depth) * height;
-+ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) {
-+ if (size < width * height)
-+ return BadAlloc;
-+ /* thankfully, offset is unsigned */
-+ if (stuff->offset + size < size)
-+ return BadAlloc;
-+ }
-+
- VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client);
- pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)(
- pDraw->pScreen, stuff->width,
---
-1.5.3.8
-