[PATCH 5/5] glx: Handle failure to create the pixmap backing the pbuffer
Adam Jackson
ajax at redhat.com
Mon Feb 25 14:04:12 PST 2013
We happen not to sanitize the width/height we pass to CreatePixmap here,
oops. It's not exploitable, but it's certainly a crash, so let's just
throw BadAlloc instead.
Signed-off-by: Adam Jackson <ajax at redhat.com>
---
glx/glxcmds.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 41313f2..ddbf44d 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -1428,6 +1428,8 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
width, height,
config->rgbBits, 0);
__glXleaveServer(GL_FALSE);
+ if (!pPixmap)
+ return BadAlloc;
/* Assign the pixmap the same id as the pbuffer and add it as a
* resource so it and the DRI2 drawable will be reclaimed when the
--
1.8.1.4
More information about the xorg-devel
mailing list