Mercurial Mercurial > upstream > oracle > x-cons > x-s11-update-clone / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
open-src/xserver/xvnc/CVE-2014-8240.patch
author Niveditha Rau <Niveditha.Rau@Oracle.COM>
Fri, 24 Apr 2015 08:05:44 -0700
changeset 1458 34b08166bf33
permissions -rw-r--r--
19811326 problem in X11/VNC 20738319 Refactor gtf(1) out of the primary X server package
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1458
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     1
 
--- a/unix/x0vncserver/Image.cxx	Wed Oct 22 10:30:27 2014
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     2
 
+++ b/unix/x0vncserver/Image.cxx	Wed Oct 22 10:46:12 2014
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     3
 
@@ -79,6 +79,13 @@
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     4
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     5
 
   xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     6
 
                      ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     7
 
+  if (xim->bytes_per_line <= 0 ||
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     8
 
+      xim->height <= 0 ||
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
     9
 
+      xim->height >= INT_MAX / xim->bytes_per_line) {
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    10
 
+    vlog.error("Invalid display size");
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    11
 
+    XDestroyImage(xim);
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    12
 
+    exit(1);
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    13
 
+  }
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    14
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    15
 
   xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    16
 
   if (xim->data == NULL) {
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    17
 
@@ -256,6 +263,17 @@
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    18
 
     return;
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    19
 
   }
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    20
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    21
 
+  if (xim->bytes_per_line <= 0 ||
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    22
 
+      xim->height <= 0 ||
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    23
 
+      xim->height >= INT_MAX / xim->bytes_per_line) {
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    24
 
+    vlog.error("Invalid display size");
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    25
 
+    XDestroyImage(xim);
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    26
 
+    xim = NULL;
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    27
 
+    delete shminfo;
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    28
 
+    shminfo = NULL;
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    29
 
+    return;
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    30
 
+  }
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    31
 
+
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    32
 
   shminfo->shmid = shmget(IPC_PRIVATE,
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    33
 
                           xim->bytes_per_line * xim->height,
34b08166bf33 19811326 problem in X11/VNC
Niveditha Rau <Niveditha.Rau@Oracle.COM>
parents:
diff changeset 
    34
 
                           IPC_CREAT|0777);
upstream/oracle/x-cons/x-s11-update-clone