summaryrefslogtreecommitdiff
path: root/COPYING
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-03-09 22:55:23 -0800
committerAlan Coopersmith <alan.coopersmith@oracle.com>2013-05-23 08:13:26 -0700
commitbb922ed4253b35590f0369f32a917ff89ade0830 (patch)
treee7160132539dabe06a8d467e4d0ca302c7a51c17 /COPYING
parent6dd6dc51a2935c72774be81e5cc2ba2c30e9feff (diff)
integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
If the number of events or axes reported by the server is large enough that it overflows when multiplied by the size of the appropriate struct, then memory corruption can occur when more bytes are copied from the X server reply than the size of the buffer we allocated to hold them. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions