diff options
Diffstat (limited to 'src/XGetDCtl.c')
| -rw-r--r-- | src/XGetDCtl.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c index c5d3b53..7f6b396 100644 --- a/src/XGetDCtl.c +++ b/src/XGetDCtl.c @@ -93,7 +93,8 @@ XGetDeviceControl( if (rep.length > 0) { unsigned long nbytes; size_t size = 0; - if (rep.length < (INT_MAX >> 2)) { + if (rep.length < (INT_MAX >> 2) && + (rep.length << 2) >= sizeof(xDeviceState)) { nbytes = (unsigned long) rep.length << 2; d = Xmalloc(nbytes); } @@ -117,7 +118,8 @@ XGetDeviceControl( size_t val_size; r = (xDeviceResolutionState *) d; - if (r->num_valuators >= (INT_MAX / (3 * sizeof(int)))) + if (sizeof(xDeviceResolutionState) > nbytes || + r->num_valuators >= (INT_MAX / (3 * sizeof(int)))) goto out; val_size = 3 * sizeof(int) * r->num_valuators; if ((sizeof(xDeviceResolutionState) + val_size) > nbytes) |