CVSROOT: /cvs
Module name: xenocara
Changes by: matth...@cvs.openbsd.org 2016/10/04 09:03:48
Modified files:
lib/libXrender/src: Filter.c
Log message:
Avoid OOB write in XRenderQueryFilters
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.
The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.
>From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
