File U_dbe_Call_to_DDX_SwapBuffers_requires_address_... of Package xorg-x11-server

Overview Repositories Revisions Requests Users Attributes Meta

File U_dbe_Call_to_DDX_SwapBuffers_requires_address_of_int_not_unsigned_int.patch of Package xorg-x11-server

Subject: dbe: Call to DDX SwapBuffers requires address of int, not unsigned int
References: bnc#907268, CVE-2014-8097
Patch-Mainline: Upstream
Signed-off-by: Michal Srb <msrb@suse.com>

When the local types used to walk the DBE request were changed, this
changed the type of the parameter passed to the DDX SwapBuffers API,
but there wasn't a matching change in the API definition.

At this point, with the API frozen, I just stuck a new variable in
with the correct type. Because we've already bounds-checked nStuff to
be smaller than UINT32_MAX / sizeof(DbeSwapInfoRec), we know it will
fit in a signed int without overflow.

Signed-off-by: Keith Packard <keithp@keithp.com
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 dbe/dbe.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dbe/dbe.c b/dbe/dbe.c
index df2ad5c..e5d928d 100644
--- a/dbe/dbe.c
+++ b/dbe/dbe.c
@@ -452,6 +452,7 @@ ProcDbeSwapBuffers(ClientPtr client)
     int error;
     unsigned int i, j;
     unsigned int nStuff;
+    int nStuff_i;       /* DDX API requires int for nStuff */
 
     REQUEST_AT_LEAST_SIZE(xDbeSwapBuffersReq);
     nStuff = stuff->n;          /* use local variable for performance. */
@@ -527,9 +528,10 @@ ProcDbeSwapBuffers(ClientPtr client)
      * could deal with cross-screen synchronization.
      */
 
-    while (nStuff > 0) {
+    nStuff_i = nStuff;
+    while (nStuff_i > 0) {
         pDbeScreenPriv = DBE_SCREEN_PRIV_FROM_WINDOW(swapInfo[0].pWindow);
-        error = (*pDbeScreenPriv->SwapBuffers) (client, &nStuff, swapInfo);
+        error = (*pDbeScreenPriv->SwapBuffers) (client, &nStuff_i, swapInfo);
         if (error != Success) {
             free(swapInfo);
             return error;
-- 
1.8.4.5

Places

File U_dbe_Call_to_DDX_SwapBuffers_requires_address_of_int_not_unsigned_int.patch of Package xorg-x11-server

Places