[PATCH] dix: Allow zero-height PutImage requests
Alan Coopersmith
alan.coopersmith at oracle.com
Sat Jan 3 10:49:30 PST 2015
On 01/ 3/15 08:50 AM, Keith Packard wrote:
> The length checking code validates PutImage height and byte width by
> making sure that byte-width >= INT32_MAX / height. If height is zero,
> this generates a divide by zero exception. Allow zero height requests
> explicitly, bypassing the INT32_MAX check.
>
> Signed-off-by: Keith Packard <keithp at keithp.com>
> ---
> dix/dispatch.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/dix/dispatch.c b/dix/dispatch.c
> index 55b978d..9044ac7 100644
> --- a/dix/dispatch.c
> +++ b/dix/dispatch.c
> @@ -2000,7 +2000,7 @@ ProcPutImage(ClientPtr client)
> tmpImage = (char *) &stuff[1];
> lengthProto = length;
>
> - if (lengthProto >= (INT32_MAX / stuff->height))
> + if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height))
> return BadLength;
>
> if ((bytes_to_int32(lengthProto * stuff->height) +
>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list