ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-17 12:17:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix/gnu/packages/patches/xorg-server-CVE-2020-14347.patch
Mark H Weaver cf1d1f4f79
gnu: xorg-server: Fix CVE-2020-14347 via graft. 
* gnu/packages/patches/xorg-server-CVE-2020-14347.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (xorg-server/fixed): New variable.
(xorg-server)[replacement]: New field.
(xorg-server-wayland): Use package/inherit.
2020-08-01 11:11:58 -04:00

33 lines
1 KiB
Diff
Raw Blame History

From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Sat, 25 Jul 2020 19:33:23 +0200
Subject: [PATCH] fix for ZDI-11426
Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
dix/pixmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
return NullPixmap;
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
if (!pPixmap)
return NullPixmap;
--
2.27.0
Reference in a new issue View git blame Copy permalink