OSDN Git Service

(root) / android-x86 / external-mesa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 51498a3) | patch
integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
authorAlan Coopersmith <alan.coopersmith@oracle.com>
Fri, 26 Apr 2013 23:31:58 +0000 (16:31 -0700)
committerAlan Coopersmith <alan.coopersmith@oracle.com>
Fri, 31 May 2013 01:03:39 +0000 (18:03 -0700)
commit2e5a268f18be30df15aed0b44b01a18a37fb5df4
tree968c4c4cb3b42029b72785396766aaabd4a421b5tree | snapshot
parent51498a3e71ebffb7eac4b0376045bf28c5c76e17commit | diff
integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]

busIdStringLength is a CARD32 and needs to be bounds checked before adding
one to it to come up with the total size to allocate, to avoid integer
overflow leading to underallocation and writing data from the network past
the end of the allocated buffer.

NOTE: This is a candidate for stable release branches.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
src/glx/XF86dri.c diff | blob | history
external/mesa
About OSDN
Find Software
Develop Software
Help