I agree with that change.<br><br>Not only width and height, but also BPP can be unsupported by DRM, and having no error support here caused XServer to crash on me a few times.<br><br><br><div class="gmail_quote">2013/2/25 Adam Jackson <span dir="ltr"><<a href="mailto:ajax@redhat.com" target="_blank">ajax@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We happen not to sanitize the width/height we pass to CreatePixmap here,<br>
oops. It's not exploitable, but it's certainly a crash, so let's just<br>
throw BadAlloc instead.<br>
<br>
Signed-off-by: Adam Jackson <<a href="mailto:ajax@redhat.com">ajax@redhat.com</a>><br>
---<br>
glx/glxcmds.c | 2 ++<br>
1 file changed, 2 insertions(+)<br>
<br>
diff --git a/glx/glxcmds.c b/glx/glxcmds.c<br>
index 41313f2..ddbf44d 100644<br>
--- a/glx/glxcmds.c<br>
+++ b/glx/glxcmds.c<br>
@@ -1428,6 +1428,8 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,<br>
width, height,<br>
config->rgbBits, 0);<br>
__glXleaveServer(GL_FALSE);<br>
+ if (!pPixmap)<br>
+ return BadAlloc;<br>
<br>
/* Assign the pixmap the same id as the pbuffer and add it as a<br>
* resource so it and the DRI2 drawable will be reclaimed when the<br>
<span class="HOEnZb"><font color="#888888">--<br>
1.8.1.4<br>
<br>
_______________________________________________<br>
<a href="mailto:xorg-devel@lists.x.org">xorg-devel@lists.x.org</a>: X.Org development<br>
Archives: <a href="http://lists.x.org/archives/xorg-devel" target="_blank">http://lists.x.org/archives/xorg-devel</a><br>
Info: <a href="http://lists.x.org/mailman/listinfo/xorg-devel" target="_blank">http://lists.x.org/mailman/listinfo/xorg-devel</a><br>
</font></span></blockquote></div><br>