<feed xmlns='http://www.w3.org/2005/Atom'>
<title>nx-libs/nx-X11/programs/Xserver/dix/dispatch.c, branch pr/render-cleanup</title>
<subtitle>NXv3 (redistributed) 
</subtitle>
<id>https://openid.arctica-project.org/nx-libs/atom?h=pr%2Frender-cleanup</id>
<link rel='self' href='https://openid.arctica-project.org/nx-libs/atom?h=pr%2Frender-cleanup'/>
<link rel='alternate' type='text/html' href='https://openid.arctica-project.org/nx-libs/'/>
<updated>2015-05-01T11:17:03+00:00</updated>
<entry>
<title>dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418).</title>
<updated>2015-05-01T11:17:03+00:00</updated>
<author>
<name>Keith Packard</name>
<email>keithp@keithp.com</email>
</author>
<published>2015-05-01T11:09:24+00:00</published>
<link rel='alternate' type='text/html' href='https://openid.arctica-project.org/nx-libs/commit/?id=dba779d9f99ab2fc6bf05c78515dbdd82840cadd'/>
<id>urn:sha1:dba779d9f99ab2fc6bf05c78515dbdd82840cadd</id>
<content type='text'>
 The length checking code validates PutImage height and byte width by
 making sure that byte-width &gt;= INT32_MAX / height. If height is zero,
 this generates a divide by zero exception. Allow zero height requests
 explicitly, bypassing the INT32_MAX check.

 Fix for regression introduced by fix for CVE-2014-8092.

 v2: backports to nx-libs 3.6.x (Mike Gabriel)
 Signed-off-by: Keith Packard &lt;keithp@keithp.com&gt;
</content>
</entry>
<entry>
<title>dix: integer overflow in ProcPutImage() [CVE-2014-8092 1/4]</title>
<updated>2015-02-14T15:14:31+00:00</updated>
<author>
<name>Alan Coopersmith</name>
<email>alan.coopersmith@oracle.com</email>
</author>
<published>2014-01-23T05:11:16+00:00</published>
<link rel='alternate' type='text/html' href='https://openid.arctica-project.org/nx-libs/commit/?id=c1225fe6451d7a5f3741ce0fff8f54e38e0a14da'/>
<id>urn:sha1:c1225fe6451d7a5f3741ce0fff8f54e38e0a14da</id>
<content type='text'>
ProcPutImage() calculates a length field from a width, left pad and depth
specified by the client (if the specified format is XYPixmap).

The calculations for the total amount of memory the server needs for the
pixmap can overflow a 32-bit number, causing out-of-bounds memory writes
on 32-bit systems (since the length is stored in a long int variable).

v2: backport to nx-libs 3.6.x (Mike DePaulo)
Reported-by: Ilja Van Sprundel &lt;ivansprundel@ioactive.com&gt;
Signed-off-by: Alan Coopersmith &lt;alan.coopersmith@oracle.com&gt;
Reviewed-by: Peter Hutterer &lt;peter.hutterer@who-t.net&gt;

Conflicts:
	dix/dispatch.c
</content>
</entry>
<entry>
<title>Imported nx-X11-3.1.0-1.tar.gz</title>
<updated>2011-10-10T15:43:39+00:00</updated>
<author>
<name>Reinhard Tartler</name>
<email>siretart@tauware.de</email>
</author>
<published>2011-10-10T15:43:39+00:00</published>
<link rel='alternate' type='text/html' href='https://openid.arctica-project.org/nx-libs/commit/?id=f4092abdf94af6a99aff944d6264bc1284e8bdd4'/>
<id>urn:sha1:f4092abdf94af6a99aff944d6264bc1284e8bdd4</id>
<content type='text'>
Summary: Imported nx-X11-3.1.0-1.tar.gz
Keywords:

Imported nx-X11-3.1.0-1.tar.gz
into Git repository
</content>
</entry>
</feed>
