Projects
Essentials
A_15.6-Mesa
u_mesa-CVE-2023-45919.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File u_mesa-CVE-2023-45919.patch of Package A_15.6-Mesa
src/glx/glx_query.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) Index: mesa-23.3.4/src/glx/glx_query.c =================================================================== --- mesa-23.3.4.orig/src/glx/glx_query.c +++ mesa-23.3.4/src/glx/glx_query.c @@ -56,6 +56,13 @@ __glXQueryServerString(Display * dpy, CA /* The spec doesn't mention this, but the Xorg server replies with * a string already terminated with '\0'. */ uint32_t len = xcb_glx_query_server_string_string_length(reply); + /* Allow a max of 64kb string length */ + size_t reply_len = strnlen(xcb_glx_query_server_string_string(reply), 64*1024); + if (reply_len + 1 != len) + { + free(reply); + return(NULL); + } char *buf = malloc(len); memcpy(buf, xcb_glx_query_server_string_string(reply), len); free(reply); @@ -83,6 +90,12 @@ __glXGetString(Display * dpy, CARD32 con /* The spec doesn't mention this, but the Xorg server replies with * a string already terminated with '\0'. */ uint32_t len = xcb_glx_get_string_string_length(reply); + size_t reply_len = strnlen(xcb_glx_get_string_string(reply), 64*1024); + if (reply_len + 1 != len) + { + free(reply); + return(NULL); + } char *buf = malloc(len); memcpy(buf, xcb_glx_get_string_string(reply), len); free(reply);
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.