Module Name: xsrc Committed By: mrg Date: Tue Feb 7 07:29:44 UTC 2023
Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi: exevents.c Log Message: pullover fix from xorg-server 21.1.7: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec Xi: fix potential use-after-free in DeepCopyPointerClasses CVE-2023-0494, ZDI-CAN-19596 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutte...@who-t.net> To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c diff -u xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.2 --- xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1 Thu Jun 9 09:07:56 2016 +++ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c Tue Feb 7 07:29:44 2023 @@ -586,8 +586,10 @@ DeepCopyPointerClasses(DeviceIntPtr from } memcpy(to->button->xkb_acts, from->button->xkb_acts, sizeof(XkbAction)); - } else + } else { free(to->button->xkb_acts); + to->button->xkb_acts = NULL; + } memcpy(to->button->labels, from->button->labels, from->button->numButtons * sizeof(Atom));