[Pkg-tigervnc-devel] Bug#849478: closed by Ola Lundqvist <opal at debian.org> (Re: Bug#849478: tigervnc: CVE-2014-8241: NULL pointer dereference flaw in XRegion)

Salvatore Bonaccorso carnil at debian.org
Thu Dec 29 21:03:20 UTC 2016


Control: reopen -1
Control: found -1 1.6.0+dfsg-4

On Thu, Dec 29, 2016 at 07:18:11PM +0000, Debian Bug Tracking System wrote:
> Hi Salvatore
> 
> I have looked into this bug however and this one is indeed solved.
> Unless I'm looking with very grumble eyes (I probably do as I should
> be in bed).

The problem should be in lines 1079-1090:

1077     else
1078     {
1079         /*
1080          * No point in doing the extra work involved in an Xrealloc if
1081          * the region is empty
1082          */
1083         newReg->size = 1;
1084         Xfree((char *) newReg->rects);
1085         newReg->rects = (BoxPtr) Xmalloc(sizeof(BoxRec));
1086     }
1087     }
1088     Xfree ((char *) oldRects);
1089     return;
1090 }

The patch from Red Hat does add a check for newReg->rects, which is missing
in the above (cf. lines after 1085).

Hope this helps.

Regards,
Salvatore
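
The missing check discussed in the message above, as an added example that is not part of the original mail, the tigervnc source or the Red Hat patch: the unchecked allocation pattern of lines 1083-1085 beside one checked form. The types, `xmalloc_stub`, `fail_next` and the choice to set `size` to 0 on failure are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for BoxRec and the region struct in the quoted code. */
typedef struct { short x1, x2, y1, y2; } Box;
typedef struct { long size; long numRects; Box *rects; } Region;

/* Hypothetical fault-injecting allocator standing in for Xmalloc. */
static int fail_next = 0;
static void *xmalloc_stub(size_t n) {
    if (fail_next) { fail_next = 0; return NULL; }
    return malloc(n);
}

/* Pattern of lines 1083-1085: the allocation result is never checked. */
static void shrink_unchecked(Region *r) {
    r->size = 1;
    free(r->rects);
    r->rects = xmalloc_stub(sizeof(Box));
}

/* Checked form (assumed handling): keep size consistent with rects. */
static int shrink_checked(Region *r) {
    free(r->rects);
    r->rects = xmalloc_stub(sizeof(Box));
    if (r->rects == NULL) { r->size = 0; return -1; }
    r->size = 1;
    return 0;
}

/* 1 if later code that trusts only `size` would write through NULL rects. */
static int null_write_reachable(int use_checked, int alloc_fails) {
    Region r = { 4, 0, malloc(4 * sizeof(Box)) };
    fail_next = alloc_fails;
    if (use_checked) shrink_checked(&r); else shrink_unchecked(&r);
    int bad = (r.rects == NULL) && (r.numRects < r.size);
    free(r.rects);
    return bad;
}

int main(void) {
    printf("unchecked, alloc fails: %d\n", null_write_reachable(0, 1));
    printf("checked,   alloc fails: %d\n", null_write_reachable(1, 1));
    return 0;
}
```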


