xserver: Branch 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Wed Jun 18 14:14:56 UTC 2025
os/io.c | 2 ++
1 file changed, 2 insertions(+)
New commits:
commit 4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Wed Jun 18 08:39:02 2025 +0200
os: Check for integer overflow on BigRequest length
Check for another possible integer overflow once we get a complete xReq
with BigRequest.
Related to CVE-2025-49176
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Suggested-by: Peter Harris <pharris2 at rocketsoftware.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2028>
diff --git a/os/io.c b/os/io.c
index e7b76b9ce..167b40a72 100644
--- a/os/io.c
+++ b/os/io.c
@@ -394,6 +394,8 @@ ReadRequestFromClient(ClientPtr client)
needed = get_big_req_len(request, client);
}
client->req_len = needed;
+ if (needed > MAXINT >> 2)
+ return -(BadLength);
needed <<= 2;
}
if (gotnow < needed) {
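Review bot: The new bound check comes after `client->req_len = needed;`, so when it returns -(BadLength) the client state already holds the rejected length. Moving `if (needed > MAXINT >> 2)` above that assignment would keep an out-of-range value from ever being stored, unless later code relies on req_len being set on this error path, which the hunk does not show. A short comment would also help: the limit is MAXINT >> 2 because the next line, `needed <<= 2`, converts the length from 4-byte units to bytes, and the test guards that shift. The hunk does not show the declared type of needed; if it is not a signed int, the comparison against MAXINT deserves a second look.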