projects / free-sw / xcb / libxcb / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e602b65) | patch
integer overflow in read_packet() [CVE-2013-2064]
authorAlan Coopersmith <alan.coopersmith@oracle.com>
Thu, 2 May 2013 00:59:31 +0000 (17:59 -0700)
committerAlan Coopersmith <alan.coopersmith@oracle.com>
Thu, 23 May 2013 15:12:13 +0000 (08:12 -0700)
commit1b33867fa996034deb50819ae54640be501f8d20
tree9fae9181b758023e052247ee17657eaee521bd4etree | snapshot
parente602b653c191e18cbb63db6526aac77c368ed70bcommit | diff
integer overflow in read_packet() [CVE-2013-2064]

Ensure that when calculating the size of the incoming response from the
Xserver, we don't overflow the integer used in the calculations when we
multiply the int32_t length by 4 and add it to the default response size.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
src/xcb_in.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.