Processed: Re: Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-11-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #852952 [release.debian.org] jessie-pu: package libxrandr/2:1.4.2-1+deb8u1
Added tag(s) pending.

-- 
852952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-11-19 Thread Adam D. Barratt
Control: tags -1 + pending

On Sat, 2017-11-18 at 18:37 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2017-09-09 at 13:49 +0200, Julien Cristau wrote:
> > Control: tag -1 - moreinfo
> > 
> > On Sat, Jan 28, 2017 at 15:10:24 +0100, Julien Cristau wrote:
> > 
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: jessie
> > > User: release.debian@packages.debian.org
> > > Usertags: pu
> > > 
> > 
> > New patch, now with less memory leak.  I've also attached the diff
> > from
> > the previous one.
> > 
> 
> Please go ahead.

Flagged for acceptance.

Regards,

Adam



Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-11-18 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2017-09-09 at 13:49 +0200, Julien Cristau wrote:
> Control: tag -1 - moreinfo
> 
> On Sat, Jan 28, 2017 at 15:10:24 +0100, Julien Cristau wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> 
> New patch, now with less memory leak.  I've also attached the diff
> from
> the previous one.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #852952 [release.debian.org] jessie-pu: package libxrandr/2:1.4.2-1+deb8u1
Added tag(s) confirmed.

-- 
852952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-09-09 Thread Julien Cristau
Control: tag -1 - moreinfo

On Sat, Jan 28, 2017 at 15:10:24 +0100, Julien Cristau wrote:

> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian@packages.debian.org
> Usertags: pu
> 
New patch, now with less memory leak.  I've also attached the diff from
the previous one.

Cheers,
Julien
diff --git a/debian/changelog b/debian/changelog
index 0f83cd4..e804fe2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxrandr (2:1.4.2-1+deb8u1) jessie; urgency=medium
+
+  * Avoid out of boundary accesses on illegal responses.  Addresses
+CVE-2016-7947 and CVE-2016-7948.
+
+ -- Julien Cristau   Sat, 09 Sep 2017 13:45:59 +0200
+
 libxrandr (2:1.4.2-1) sid; urgency=medium
 
   * New upstream release.
diff --git a/src/XrrConfig.c b/src/XrrConfig.c
index 2f0282b..e68c45a 100644
--- a/src/XrrConfig.c
+++ b/src/XrrConfig.c
@@ -29,6 +29,7 @@
 #include 
 #endif
 
+#include 
 #include 
 #include 
 /* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy,
 	rep.rate = 0;
 	rep.nrateEnts = 0;
 }
+if (rep.length < INT_MAX >> 2) {
+	nbytes = (long) rep.length << 2;
 
-nbytes = (long) rep.length << 2;
+	nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+			((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
 
-nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
-			 ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+	/*
+	 * first we must compute how much space to allocate for
+	 * randr library's use; we'll allocate the structures in a single
+	 * allocation, on cleanlyness grounds.
+	 */
 
-/*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+	rbytes = sizeof (XRRScreenConfiguration) +
+	  (rep.nSizes * sizeof (XRRScreenSize) +
+	   rep.nrateEnts * sizeof (int));
 
-rbytes = sizeof (XRRScreenConfiguration) +
-  (rep.nSizes * sizeof (XRRScreenSize) +
-   rep.nrateEnts * sizeof (int));
+	scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+} else {
+	nbytes = 0;
+	nbytesRead = 0;
+	rbytes = 0;
+	scp = NULL;
+}
 
-scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
 if (scp == NULL) {
 	_XEatData (dpy, (unsigned long) nbytes);
 	return NULL;
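Review bot: When `rep.length` fails the new bound, the else branch sets `nbytes = 0`, so the `_XEatData (dpy, (unsigned long) nbytes)` call in the `scp == NULL` path discards nothing and the oversized reply body stays unread on the connection. Whatever is read next from the display would then likely be parsed from the middle of that reply. The XRRGetCrtcInfo hunk in src/XrrCrtc.c avoids this by discarding with the wire length, and the same call fits here: `_XEatDataWords (dpy, rep.length);`. The XRRGetCrtcGamma hunk also zeroes `nbytes` and its failure branch is outside the hunk, so it is worth checking which value that branch discards with; the earlier posting of this patch further down the thread carries identical code. `_XRRGetScreenInfo` starts and ends outside this hunk.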
diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
index a704a52..b10bad4 100644
--- a/src/XrrCrtc.c
+++ b/src/XrrCrtc.c
@@ -24,6 +24,7 @@
 #include 
 #endif
 
+#include 
 #include 
 #include 
 /* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
 	return NULL;
 }
 
-nbytes = (long) rep.length << 2;
+if (rep.length < INT_MAX >> 2)
+{
+	nbytes = (long) rep.length << 2;
 
-nbytesRead = (long) (rep.nOutput * 4 +
-			 rep.nPossibleOutput * 4);
+	nbytesRead = (long) (rep.nOutput * 4 +
+			 rep.nPossibleOutput * 4);
 
-/*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+	/*
+	 * first we must compute how much space to allocate for
+	 * randr library's use; we'll allocate the structures in a single
+	 * allocation, on cleanlyness grounds.
+	 */
 
-rbytes = (sizeof (XRRCrtcInfo) +
-	  rep.nOutput * sizeof (RROutput) +
-	  rep.nPossibleOutput * sizeof (RROutput));
+	rbytes = (sizeof (XRRCrtcInfo) +
+		  rep.nOutput * sizeof (RROutput) +
+		  rep.nPossibleOutput * sizeof (RROutput));
+
+	xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+}
+else
+{
+	nbytes = 0;
+	nbytesRead = 0;
+	rbytes = 0;
+	xci = NULL;
+}
 
-xci = (XRRCrtcInfo *) Xmalloc(rbytes);
 if (xci == NULL) {
 	_XEatDataWords (dpy, rep.length);
 	UnlockDisplay (dpy);
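Review bot: The new guard bounds only `rep.length`; nothing in the visible lines compares `nbytesRead`, which is built from the server-supplied `rep.nOutput` and `rep.nPossibleOutput`, with `nbytes`. If the rest of XRRGetCrtcInfo reads `nbytesRead` bytes from the connection, a reply whose counts exceed its declared length would make the client read past the end of that reply. Consider failing the same way when the counts do not fit, for example by making the allocation conditional: `if (nbytesRead <= nbytes) xci = (XRRCrtcInfo *) Xmalloc(rbytes); else xci = NULL;`. The same question applies to `rep.size` in the XRRGetCrtcGamma hunk and to `rep.nSizes`/`rep.nrateEnts` in src/XrrConfig.c. The function body continues outside the hunk, so such a check may already exist further down.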
@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
 if (!_XReply (dpy, (xReply *) , 0, xFalse))
 	goto out;
 
-nbytes = (long) rep.length << 2;
+if (rep.length < INT_MAX >> 2)
+{
+	nbytes = (long) rep.length << 2;
 
-/* three channels of CARD16 data */
-nbytesRead = (rep.size * 2 * 3);
+	/* three channels of CARD16 data */
+	nbytesRead = (rep.size * 2 * 3);
 
-crtc_gamma = XRRAllocGamma (rep.size);
+	crtc_gamma = XRRAllocGamma (rep.size);
+}
+else
+{
+	nbytes = 0;
+	nbytesRead = 0;
+	crtc_gamma = NULL;
+}
 
 if (!crtc_gamma)
 {
@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display	*dpy,
 xRRGetCrtcTransformReq	*req;
 intmajor_version, minor_version;
 XRRCrtcTransformAttributes	*attr;
-char			*extra = NULL, *e;
+char			*extra = NULL, *end = NULL, *e;
 intp;
 
 *attributes = NULL;
@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display	*dpy,
 	else
 	{
 	int extraBytes = rep.length * 4 - 

Processed: Re: Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-09-09 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 - moreinfo
Bug #852952 [release.debian.org] jessie-pu: package libxrandr/2:1.4.2-1+deb8u1
Removed tag(s) moreinfo.

-- 
852952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#852952: jessie-pu: package libxrandr/2:1.4.2-1+deb8u1

2017-01-28 Thread Julien Cristau
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

As with libx11 and libxfixes...

Cheers,
Julien

diff -u libxrandr-1.4.2/debian/changelog libxrandr-1.4.2/debian/changelog
--- libxrandr-1.4.2/debian/changelog
+++ libxrandr-1.4.2/debian/changelog
@@ -1,3 +1,10 @@
+libxrandr (2:1.4.2-1+deb8u1) jessie; urgency=medium
+
+  * Avoid out of boundary accesses on illegal responses.  Addresses
+CVE-2016-7947 and CVE-2016-7948.
+
+ -- Julien Cristau   Sat, 28 Jan 2017 15:00:17 +0100
+
 libxrandr (2:1.4.2-1) sid; urgency=medium
 
   * New upstream release.
only in patch2:
unchanged:
--- libxrandr-1.4.2.orig/src/XrrConfig.c
+++ libxrandr-1.4.2/src/XrrConfig.c
@@ -29,6 +29,7 @@
 #include 
 #endif
 
+#include 
 #include 
 #include 
 /* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@
rep.rate = 0;
rep.nrateEnts = 0;
 }
+if (rep.length < INT_MAX >> 2) {
+   nbytes = (long) rep.length << 2;
 
-nbytes = (long) rep.length << 2;
+   nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+   ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
 
-nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
-((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+   /*
+* first we must compute how much space to allocate for
+* randr library's use; we'll allocate the structures in a single
+* allocation, on cleanlyness grounds.
+*/
+
+   rbytes = sizeof (XRRScreenConfiguration) +
+ (rep.nSizes * sizeof (XRRScreenSize) +
+  rep.nrateEnts * sizeof (int));
 
-/*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
-
-rbytes = sizeof (XRRScreenConfiguration) +
-  (rep.nSizes * sizeof (XRRScreenSize) +
-   rep.nrateEnts * sizeof (int));
+   scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+} else {
+   nbytes = 0;
+   nbytesRead = 0;
+   rbytes = 0;
+   scp = NULL;
+}
 
-scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
 if (scp == NULL) {
_XEatData (dpy, (unsigned long) nbytes);
return NULL;
only in patch2:
unchanged:
--- libxrandr-1.4.2.orig/src/XrrCrtc.c
+++ libxrandr-1.4.2/src/XrrCrtc.c
@@ -24,6 +24,7 @@
 #include 
 #endif
 
+#include 
 #include 
 #include 
 /* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@
return NULL;
 }
 
-nbytes = (long) rep.length << 2;
+if (rep.length < INT_MAX >> 2)
+{
+   nbytes = (long) rep.length << 2;
 
-nbytesRead = (long) (rep.nOutput * 4 +
-rep.nPossibleOutput * 4);
+   nbytesRead = (long) (rep.nOutput * 4 +
+rep.nPossibleOutput * 4);
 
-/*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+   /*
+* first we must compute how much space to allocate for
+* randr library's use; we'll allocate the structures in a single
+* allocation, on cleanlyness grounds.
+*/
+
+   rbytes = (sizeof (XRRCrtcInfo) +
+ rep.nOutput * sizeof (RROutput) +
+ rep.nPossibleOutput * sizeof (RROutput));
 
-rbytes = (sizeof (XRRCrtcInfo) +
- rep.nOutput * sizeof (RROutput) +
- rep.nPossibleOutput * sizeof (RROutput));
+   xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+}
+else
+{
+   nbytes = 0;
+   nbytesRead = 0;
+   rbytes = 0;
+   xci = NULL;
+}
 
-xci = (XRRCrtcInfo *) Xmalloc(rbytes);
 if (xci == NULL) {
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
@@ -194,12 +206,21 @@
 if (!_XReply (dpy, (xReply *) , 0, xFalse))
goto out;
 
-nbytes = (long) rep.length << 2;
+if (rep.length < INT_MAX >> 2)
+{
+   nbytes = (long) rep.length << 2;
 
-/* three channels of CARD16 data */
-nbytesRead = (rep.size * 2 * 3);
+   /* three channels of CARD16 data */
+   nbytesRead = (rep.size * 2 * 3);
 
-crtc_gamma = XRRAllocGamma (rep.size);
+   crtc_gamma = XRRAllocGamma (rep.size);
+}
+else
+{
+   nbytes = 0;
+   nbytesRead = 0;
+   crtc_gamma = NULL;
+}
 
 if (!crtc_gamma)
 {
@@ -357,7 +378,7 @@
 xRRGetCrtcTransformReq *req;
 intmajor_version, minor_version;
 XRRCrtcTransformAttributes *attr;
-char   *extra = NULL, *e;
+char   *extra = NULL, *end = NULL, *e;
 intp;
 
 *attributes = NULL;
@@ -395,9 +416,17 @@