Stefan Dirsch
5caba0411b
* X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192] (boo#1193030) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=810
30 lines
900 B
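--- a/render/render.c
+++ a/render/render.c
@@ -2309,6 +2309,8 @@ SProcRenderCompositeGlyphs(ClientPtr client)
 
  i = elt->len;
  if (i == 0xff) {
+ if (buffer + 4 >= end)
+ return BadLength;
  swapl((int *) buffer);
  buffer += 4;
  }
@@ -2320,12 +2322,16 @@ SProcRenderCompositeGlyphs(ClientPtr client)
  break;
  case 2:
  while (i--) {
+ if (buffer + 2 >= end)
+ return BadLength;
  swaps((short *) buffer);
  buffer += 2;
  }
  break;
  case 4:
  while (i--) {
+ if (buffer + 4 >= end)
+ return BadLength;
  swapl((int *) buffer);
  buffer += 4;
  }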
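Review bot: The three added guards compare with `>=`, so an item that ends exactly at `end` is rejected along with one that overruns it. If `end` is one past the last request byte (its definition is outside these hunks), a byte-swapped client whose final 16- or 32-bit glyph id fills the request exactly would now get BadLength. Writing the guards as remaining-length tests, `if (end - buffer < 4) return BadLength;` (and `< 2` in `case 2`), accepts the exact fit, still stops the out-of-bounds swap, and avoids forming a pointer beyond the request buffer. SProcRenderCompositeGlyphs starts and ends outside the hunks, so whether the unguarded `buffer += 4` / `buffer += 2` advances are bounded elsewhere (for example by the enclosing loop condition) cannot be confirmed from here.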