e20d4ef28d
- cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-5958.patch: Xorg / XFree86 file existence disclosure vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability - cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont.
18 lines
709 B
Diff
18 lines
709 B
Diff
diff -up xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c.jx xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c
|
|
--- xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c.jx 2004-04-23 15:04:44.000000000 -0400
|
|
+++ xorg-x11-server/dix/dixfonts.c 2008-01-14 11:15:00.000000000 -0500
|
|
@@ -339,6 +339,13 @@ doOpenFont(ClientPtr client, OFclosurePt
|
|
err = BadFontName;
|
|
goto bail;
|
|
}
|
|
+ /* check values for firstCol, lastCol, firstRow, and lastRow */
|
|
+ if (pfont->info.firstCol > pfont->info.lastCol ||
|
|
+ pfont->info.firstRow > pfont->info.lastRow ||
|
|
+ pfont->info.lastCol - pfont->info.firstCol > 255) {
|
|
+ err = AllocError;
|
|
+ goto bail;
|
|
+ }
|
|
if (!pfont->fpe)
|
|
pfont->fpe = fpe;
|
|
pfont->refcnt++;
|