On Mon, 2017-03-13 at 19:13 +0100, Tobias Stoeckmann wrote: > ProcRenderCreateRadialGradient and ProcRenderCreateConicalGradient must > be protected against an integer overflow during length check. This is > already included in ProcRenderCreateLinearGradient since the fix for > CVE-2008-2362. > > This can only be successfully exploited on a 32 bit system for an > out of boundary read later on. Validated by using ASAN.
remote: I: patch #143811 updated using rev ac15d4cecca377c5c31ab852c39bbd554ca48fe2. remote: I: 1 patch(es) updated to state Accepted. To ssh://git.freedesktop.org/git/xorg/xserver 0c1574d..ac15d4c master -> master - ajax _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
