[Pkg-tigervnc-devel] Bug#849479: tigervnc: CVE-2014-8240: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
Ola Lundqvist
opal at debian.org
Thu Dec 29 19:13:50 UTC 2016
Hi
Yes, you are right. I misread the code. Thank you very much for noticing.
// Ola
On 29 December 2016 at 06:07, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Example, we have the following code in Image.cxx (all Debian patches
> applied):
>
> void Image::Init(int width, int height)
> {
>   Visual* vis = DefaultVisual(dpy, DefaultScreen(dpy));
>   trueColor = (vis->c_class == TrueColor);
>
>   xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
>                      ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
>
>   xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
>
> The referenced Red Hat patch will first validate xim->bytes_per_line
> et al.
>
> Regards,
> Salvatore
--
--------------------- Ola Lundqvist ---------------------------
/ opal at debian.org Folkebogatan 26 \
| ola at inguza.com 654 68 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
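
Added illustration, not part of the original thread and not the Red Hat or TigerVNC patch: the unchecked `bytes_per_line * height` size computation quoted above, next to a form that validates both factors before allocating. The helper names, the `IMAGE_MAX_BYTES` cap and the sample dimensions are assumptions made for this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for one image buffer; not a value from the page. */
#define IMAGE_MAX_BYTES ((uint64_t)INT_MAX)

/* Models the unchecked bytes_per_line * height product truncated to 32 bits.
 * (The real int multiplication is undefined behaviour on overflow; a
 * wrapped value is what typically reaches malloc.) */
uint32_t wrapped_size(int bytes_per_line, int height)
{
    return (uint32_t)bytes_per_line * (uint32_t)height;
}

/* Hypothetical helper: validate both factors, then multiply in 64 bits.
 * Returns 0 and stores the size on success, -1 on rejection. */
int checked_image_size(int bytes_per_line, int height, size_t *out)
{
    if (bytes_per_line <= 0 || height <= 0)
        return -1;
    uint64_t total = (uint64_t)bytes_per_line * (uint64_t)height;
    if (total > IMAGE_MAX_BYTES || total > SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Hypothetical replacement for the bare malloc(): NULL if the size is refused. */
char *alloc_image_data(int bytes_per_line, int height)
{
    size_t n;
    if (checked_image_size(bytes_per_line, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed input: 65536 pixels wide at 4 bytes per pixel, 16384 rows. */
    int bpl = 262144, h = 16384;
    size_t n = 0;
    printf("unchecked 32-bit product: %u\n", (unsigned)wrapped_size(bpl, h));
    printf("checked result: %d\n", checked_image_size(bpl, h, &n));
    int rc = checked_image_size(4096, 768, &n);
    printf("4096 x 768: rc=%d, %zu bytes\n", rc, n);
    return 0;
}
```

With the constructed dimensions the 32-bit product wraps to 0, so the unchecked form would request an empty buffer for an image that needs 4 GiB, while the checked form refuses the allocation.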