← Back to branch summary

~ubuntu-branches/ubuntu/trusty/xorg-server-lts-utopic/trusty-proposed

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-8xxx/0015-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch

  • Committer: Package Import Robot
  • Author(s): Maarten Lankhorst
  • Date: 2015-01-22 10:01:57 UTC
  • Revision ID: package-import@ubuntu.com-20150122100157-5lrwwj03k83gtn84
Tags: 2:1.16.0-1ubuntu1.2~trusty1
https://launchpad.net/bugs/1400626
Rebuild utopic package for lts-trusty for all archs. (LP: #1400626)

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2014-8xxx/0015-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch
 
1
From c21e46f03bd2096aaed666d91a3188a5676f6222 Mon Sep 17 00:00:00 2001
 
2
From: Alan Coopersmith <alan.coopersmith@oracle.com>
 
3
Date: Sun, 26 Jan 2014 19:51:29 -0800
 
4
Subject: [PATCH 15/33] render: unvalidated lengths in Render extn. swapped
 
5
 procs [CVE-2014-8100 2/2]
 
6
 
 
7
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
 
8
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
 
9
---
 
10
 render/render.c |   16 +++++++++++++++-
 
11
 1 file changed, 15 insertions(+), 1 deletion(-)
 
12
 
 
13
diff --git a/render/render.c b/render/render.c
 
14
index 200e0c8..723f380 100644
 
15
--- a/render/render.c
 
16
+++ b/render/render.c
 
17
@@ -1995,7 +1995,7 @@ static int
 
18
 SProcRenderQueryVersion(ClientPtr client)
 
19
 {
 
20
     REQUEST(xRenderQueryVersionReq);
 
21
-
 
22
+    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
 
23
     swaps(&stuff->length);
 
24
     swapl(&stuff->majorVersion);
 
25
     swapl(&stuff->minorVersion);
 
26
@@ -2006,6 +2006,7 @@ static int
 
27
 SProcRenderQueryPictFormats(ClientPtr client)
 
28
 {
 
29
     REQUEST(xRenderQueryPictFormatsReq);
 
30
+    REQUEST_SIZE_MATCH(xRenderQueryPictFormatsReq);
 
31
     swaps(&stuff->length);
 
32
     return (*ProcRenderVector[stuff->renderReqType]) (client);
 
33
 }
 
34
@@ -2014,6 +2015,7 @@ static int
 
35
 SProcRenderQueryPictIndexValues(ClientPtr client)
 
36
 {
 
37
     REQUEST(xRenderQueryPictIndexValuesReq);
 
38
+    REQUEST_AT_LEAST_SIZE(xRenderQueryPictIndexValuesReq);
 
39
     swaps(&stuff->length);
 
40
     swapl(&stuff->format);
 
41
     return (*ProcRenderVector[stuff->renderReqType]) (client);
 
42
@@ -2029,6 +2031,7 @@ static int
 
43
 SProcRenderCreatePicture(ClientPtr client)
 
44
 {
 
45
     REQUEST(xRenderCreatePictureReq);
 
46
+    REQUEST_AT_LEAST_SIZE(xRenderCreatePictureReq);
 
47
     swaps(&stuff->length);
 
48
     swapl(&stuff->pid);
 
49
     swapl(&stuff->drawable);
 
50
@@ -2042,6 +2045,7 @@ static int
 
51
 SProcRenderChangePicture(ClientPtr client)
 
52
 {
 
53
     REQUEST(xRenderChangePictureReq);
 
54
+    REQUEST_AT_LEAST_SIZE(xRenderChangePictureReq);
 
55
     swaps(&stuff->length);
 
56
     swapl(&stuff->picture);
 
57
     swapl(&stuff->mask);
 
58
@@ -2053,6 +2057,7 @@ static int
 
59
 SProcRenderSetPictureClipRectangles(ClientPtr client)
 
60
 {
 
61
     REQUEST(xRenderSetPictureClipRectanglesReq);
 
62
+    REQUEST_AT_LEAST_SIZE(xRenderSetPictureClipRectanglesReq);
 
63
     swaps(&stuff->length);
 
64
     swapl(&stuff->picture);
 
65
     swaps(&stuff->xOrigin);
 
66
@@ -2065,6 +2070,7 @@ static int
 
67
 SProcRenderFreePicture(ClientPtr client)
 
68
 {
 
69
     REQUEST(xRenderFreePictureReq);
 
70
+    REQUEST_SIZE_MATCH(xRenderFreePictureReq);
 
71
     swaps(&stuff->length);
 
72
     swapl(&stuff->picture);
 
73
     return (*ProcRenderVector[stuff->renderReqType]) (client);
 
74
@@ -2074,6 +2080,7 @@ static int
 
75
 SProcRenderComposite(ClientPtr client)
 
76
 {
 
77
     REQUEST(xRenderCompositeReq);
 
78
+    REQUEST_SIZE_MATCH(xRenderCompositeReq);
 
79
     swaps(&stuff->length);
 
80
     swapl(&stuff->src);
 
81
     swapl(&stuff->mask);
 
82
@@ -2093,6 +2100,7 @@ static int
 
83
 SProcRenderScale(ClientPtr client)
 
84
 {
 
85
     REQUEST(xRenderScaleReq);
 
86
+    REQUEST_SIZE_MATCH(xRenderScaleReq);
 
87
     swaps(&stuff->length);
 
88
     swapl(&stuff->src);
 
89
     swapl(&stuff->dst);
 
90
@@ -2193,6 +2201,7 @@ static int
 
91
 SProcRenderCreateGlyphSet(ClientPtr client)
 
92
 {
 
93
     REQUEST(xRenderCreateGlyphSetReq);
 
94
+    REQUEST_SIZE_MATCH(xRenderCreateGlyphSetReq);
 
95
     swaps(&stuff->length);
 
96
     swapl(&stuff->gsid);
 
97
     swapl(&stuff->format);
 
98
@@ -2203,6 +2212,7 @@ static int
 
99
 SProcRenderReferenceGlyphSet(ClientPtr client)
 
100
 {
 
101
     REQUEST(xRenderReferenceGlyphSetReq);
 
102
+    REQUEST_SIZE_MATCH(xRenderReferenceGlyphSetReq);
 
103
     swaps(&stuff->length);
 
104
     swapl(&stuff->gsid);
 
105
     swapl(&stuff->existing);
 
106
@@ -2213,6 +2223,7 @@ static int
 
107
 SProcRenderFreeGlyphSet(ClientPtr client)
 
108
 {
 
109
     REQUEST(xRenderFreeGlyphSetReq);
 
110
+    REQUEST_SIZE_MATCH(xRenderFreeGlyphSetReq);
 
111
     swaps(&stuff->length);
 
112
     swapl(&stuff->glyphset);
 
113
     return (*ProcRenderVector[stuff->renderReqType]) (client);
 
114
@@ -2227,6 +2238,7 @@ SProcRenderAddGlyphs(ClientPtr client)
 
115
     xGlyphInfo *gi;
 
116
 
 
117
     REQUEST(xRenderAddGlyphsReq);
 
118
+    REQUEST_AT_LEAST_SIZE(xRenderAddGlyphsReq);
 
119
     swaps(&stuff->length);
 
120
     swapl(&stuff->glyphset);
 
121
     swapl(&stuff->nglyphs);
 
122
@@ -2261,6 +2273,7 @@ static int
 
123
 SProcRenderFreeGlyphs(ClientPtr client)
 
124
 {
 
125
     REQUEST(xRenderFreeGlyphsReq);
 
126
+    REQUEST_AT_LEAST_SIZE(xRenderFreeGlyphsReq);
 
127
     swaps(&stuff->length);
 
128
     swapl(&stuff->glyphset);
 
129
     SwapRestL(stuff);
 
130
@@ -2278,6 +2291,7 @@ SProcRenderCompositeGlyphs(ClientPtr client)
 
131
     int size;
 
132
 
 
133
     REQUEST(xRenderCompositeGlyphsReq);
 
134
+    REQUEST_AT_LEAST_SIZE(xRenderCompositeGlyphsReq);
 
135
 
 
136
     switch (stuff->renderReqType) {
 
137
     default:
 
138
-- 
 
139
1.7.9.2
 
140