| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-03-09 22:26:52 -0800 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-05-23 08:13:25 -0700 |
| commit | f3e08e4fbe40016484ba795feecf1a742170ffc1 | |
| tree | 857628e29d5db5a75f62ef1848f39b6566e22495 /src/XIProperties.c | |
| parent | 59b8e1388a687f871831ac5a9e0ac11de75e2516 | |

Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]

We copy the entire reply sent by the server into the fixed size
mapping[] array on the stack, even if the server says it's a larger
size than the mapping array can hold. HULK SMASH STACK!

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

Diffstat (limited to 'src/XIProperties.c')
0 files changed, 0 insertions, 0 deletions
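
The length check the commit message calls for, as an added example that is not libXi's code or the patch itself: the server-declared reply size is compared against the fixed stack array before anything is copied. The struct, the function names, the 4-byte length unit and the 256-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAP_BUF_SIZE 256 /* constructed size of the fixed stack array */

/* Constructed stand-in for a server reply; field names are hypothetical. */
struct reply {
    unsigned int length;          /* payload size in 4-byte units, set by the server */
    unsigned char n_elts;         /* map entries the server says it sent */
    const unsigned char *payload; /* bytes received from the server */
};

/* Unsafe pattern from the commit message: the server's length is trusted. */
int get_mapping_unchecked(const struct reply *rep, unsigned char *out, size_t nout)
{
    unsigned char mapping[MAP_BUF_SIZE];
    size_t nbytes = (size_t)rep->length * 4;
    size_t n = rep->n_elts < nout ? rep->n_elts : nout;

    memcpy(mapping, rep->payload, nbytes); /* writes past mapping[] if nbytes > 256 */
    memcpy(out, mapping, n);
    return (int)n;
}

/* Checked form: validate the claimed size against the buffer before copying. */
int get_mapping_checked(const struct reply *rep, unsigned char *out, size_t nout)
{
    unsigned char mapping[MAP_BUF_SIZE];
    size_t nbytes, n;

    if (rep->length > sizeof(mapping) / 4)
        return -1; /* oversized reply: reject, copy nothing */
    nbytes = (size_t)rep->length * 4;
    memcpy(mapping, rep->payload, nbytes);
    n = rep->n_elts;
    if (n > nbytes) n = nbytes; /* entries cannot exceed bytes received */
    if (n > nout) n = nout;     /* nor the caller's buffer */
    memcpy(out, mapping, n);
    return (int)n;
}

/* Run the checked form on a constructed reply claiming `words` 4-byte units. */
int demo(unsigned int words, unsigned char n_elts)
{
    static unsigned char wire[1024]; /* constructed payload, all zero */
    unsigned char out[8];
    struct reply rep = { words, n_elts, wire };
    return get_mapping_checked(&rep, out, sizeof(out));
}
```

The unchecked function is shown only for contrast and is never called; `demo()` exercises the checked path, including the boundary where the claimed size exactly fills the array.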