e9927e694f
Check X.Org Security Advisory [1] for more information. [1] https://lists.x.org/archives/xorg-announce/2023-October/003424.html Resolves: https://issues.redhat.com/browse/RHEL-12416
48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
From b4031fc023816aca07fbd592ed97010b9b48784b Mon Sep 17 00:00:00 2001
|
|
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Date: Thu, 7 Sep 2023 16:12:27 -0700
|
|
Subject: [PATCH 3/3] XCreatePixmap: trigger BadValue error for out-of-range
|
|
dimensions
|
|
|
|
The CreatePixmap request specifies height & width of the image as CARD16
|
|
(unsigned 16-bit integer), so if either is larger than that, set it to 0
|
|
so the X server returns a BadValue error as the protocol requires.
|
|
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
---
|
|
src/CrPixmap.c | 11 +++++++++++
|
|
1 file changed, 11 insertions(+)
|
|
|
|
diff --git a/src/CrPixmap.c b/src/CrPixmap.c
|
|
index cdf31207..3cb2ca6d 100644
|
|
--- a/src/CrPixmap.c
|
|
+++ b/src/CrPixmap.c
|
|
@@ -28,6 +28,7 @@ in this Software without prior written authorization from The Open Group.
|
|
#include <config.h>
|
|
#endif
|
|
#include "Xlibint.h"
|
|
+#include <limits.h>
|
|
|
|
#ifdef USE_DYNAMIC_XCURSOR
|
|
void
|
|
@@ -47,6 +48,16 @@ Pixmap XCreatePixmap (
|
|
Pixmap pid;
|
|
register xCreatePixmapReq *req;
|
|
|
|
+ /*
|
|
+ * Force a BadValue X Error if the requested dimensions are larger
|
|
+ * than the X11 protocol has room for, since that's how callers expect
|
|
+ * to get notified of errors.
|
|
+ */
|
|
+ if (width > USHRT_MAX)
|
|
+ width = 0;
|
|
+ if (height > USHRT_MAX)
|
|
+ height = 0;
|
|
+
|
|
LockDisplay(dpy);
|
|
GetReq(CreatePixmap, req);
|
|
req->drawable = d;
|
|
--
|
|
2.41.0
|
|
|