[PATCH xserver] Fix OOB access in ProcRecordUnregisterClients

Adam Jackson ajax at nwnk.net
Mon Mar 20 20:20:50 UTC 2017


On Sun, 2017-03-19 at 17:55 +0100, Tobias Stoeckmann wrote:
> If a client sends a RecordUnregisterClients request with an nClients
> field larger than INT_MAX / 4, an integer overflow leads to an
> out of boundary access in RecordSanityCheckClientSpecifiers.
> 
> An example line with libXtst would be:
> XRecordUnregisterClients(dpy, rc, clients, 0x40000001);

Merged:

remote: I: patch #144840 updated using rev 40c12a76c2ae57adefd3b1d412387ebbfe2fb784.
remote: I: 1 patch(es) updated to state Accepted.
To ssh://git.freedesktop.org/git/xorg/xserver
   1ad2306..40c12a7  master -> master

- ajax


More information about the xorg-devel mailing list