Re: [PATCH xserver] Fix OOB access in ProcRecordUnregisterClients

Adam Jackson Mon, 20 Mar 2017 13:21:06 -0700

On Sun, 2017-03-19 at 17:55 +0100, Tobias Stoeckmann wrote:
> If a client sends a RecordUnregisterClients request with an nClients
> field larger than INT_MAX / 4, an integer overflow leads to an
> out of boundary access in RecordSanityCheckClientSpecifiers.
> 
> An example line with libXtst would be:
> XRecordUnregisterClients(dpy, rc, clients, 0x40000001);


Merged:

remote: I: patch #144840 updated using rev 
40c12a76c2ae57adefd3b1d412387ebbfe2fb784.
remote: I: 1 patch(es) updated to state Accepted.
To ssh://git.freedesktop.org/git/xorg/xserver
   1ad2306..40c12a7  master -> master

- ajax
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel

Re: [PATCH xserver] Fix OOB access in ProcRecordUnregisterClients

Reply via email to