Bug 11857

Summary:

XTrap/xtrapdi.c buffer overflow "by one"

Product:

xorg

Reporter:

Roland "Test-tools" Bär <roland>

Component:

Server/General

Assignee:

Xorg Project Team <xorg-team>

Status:

RESOLVED FIXED

QA Contact:

Xorg Project Team <xorg-team>

Severity:

normal

Priority:

low

Keywords:

janitor, patch

Version:

git

Hardware:

All

OS:

All

Whiteboard:

i915 platform:

i915 features:

Attachments:

Description	Flags
> to >= patch for XTrap/xtrapdi.c	none

Description Roland "Test-tools" Bär 2007-08-06 00:58:27 UTC

In XTrap/xtrapdi.c function XETrapCreateEnv() we need to check here >= instead of >
  if (client->index > MAXCLIENTS)
Otherwise it would overrun the array by one in
- direct following "else if"
- Inside function FakeClientID() called from line 504.

Please apply attached patch

Comment 1 Roland "Test-tools" Bär 2007-08-06 00:59:44 UTC

Created attachment 11004 [details] [review]
> to >= patch for XTrap/xtrapdi.c

Comment 2 Adam Jackson 2008-06-24 11:18:29 UTC

Fixed in master and 1.5 branch, thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.