[PATCH:libX11] Fix more out-of-range comparisons.
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Jul 21 13:12:38 PDT 2013
On 06/25/13 01:35 PM, Thomas Klausner wrote:
> ---
> src/FontNames.c | 2 +-
> src/GetFPath.c | 2 +-
> src/ListExt.c | 2 +-
> src/ModMap.c | 2 +-
> 4 files changed, 4 insertions(+), 4 deletions(-)
All of those checks were correct and don't need "fixing" (they perhaps
could have been wrapped in #ifdef LONG64 to hide them when long is
> 34-bits and thus impossible to reach these conditions), but I've gone
ahead and pushed with a revised commit comment:

commit 24d3ee0d08f24e23c91d55702f010f73d7b908e5
Author: Thomas Klausner <wiz at NetBSD.org>
Date: Tue Jun 25 22:35:29 2013 +0200

    Tighten out-of-range comparisons.

    [For all of these, LONG_MAX was the correct value to prevent overflows
    for the recent CVEs. Lowering to INT_MAX catches buggy replies from
    the server that 32-bit clients would reject but 64-bit would accept,
    so we catch bugs sooner, and really, no sane & working server should
    ever report more than 2gb of extension names, font path entries,
    key modifier maps, etc. -alan- ]

    Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>

Pushed to ssh://git.freedesktop.org/git/xorg/lib/libX11
6d92608..24d3ee0 master -> master

--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list
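
The bound comparison discussed in the commit message above, as an added example that is not part of the original mail and is not libX11 code. It assumes the reply length is a 32-bit count of 4-byte words checked against `limit >> 2`; `reply_len_ok`, `clients_disagree` and the `LONG_MAX_*` stand-ins are hypothetical names, and the sample lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for LONG_MAX on ILP32 and LP64 builds, so the
 * comparison behaves the same wherever this file is compiled. */
#define LONG_MAX_ILP32 INT32_MAX
#define LONG_MAX_LP64  INT64_MAX
#define INT_MAX_BOTH   INT32_MAX

/* Hypothetical helper, not libX11 code: accept a reply whose length field
 * (a 32-bit count of 4-byte words) is below limit >> 2, and return the
 * byte count through *nbytes. Returns 1 on accept, 0 on reject. */
static int reply_len_ok(uint32_t words, int64_t limit, int64_t *nbytes)
{
    if ((int64_t)words >= (limit >> 2))
        return 0;                    /* words * 4 could exceed limit */
    *nbytes = (int64_t)words << 2;   /* cannot exceed limit here */
    return 1;
}

/* 1 when a 64-bit client bounded by LONG_MAX accepts a length that a
 * 32-bit client rejects: the case the lowered bound removes. */
static int clients_disagree(uint32_t words)
{
    int64_t n;
    return reply_len_ok(words, LONG_MAX_LP64, &n) &&
          !reply_len_ok(words, LONG_MAX_ILP32, &n);
}

int main(void)
{
    /* Constructed length fields: sane, just under, at, and far over the bound. */
    const uint32_t samples[] = { 64, 0x1FFFFFFEu, 0x1FFFFFFFu, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t n = 0;
        int ok = reply_len_ok(samples[i], INT_MAX_BOTH, &n);
        printf("words=0x%08x disagree_before=%d tightened=%s\n",
               (unsigned)samples[i], clients_disagree(samples[i]),
               ok ? "accept" : "reject");
    }
    return 0;
}
```

With either bound the byte count stays within the client's own long, which is why the LONG_MAX check already prevented the overflow; the INT_MAX bound only makes both word sizes reject the same replies.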