Bug 13523

Summary:

TOG-CUP Extension Memory Corruption Vulnerability

Product:

xorg

Reporter:

Matthieu Herrb <matthieu.herrb>

Component:

Security

Assignee:

X.Org Security <xorg_security>

Status:

RESOLVED FIXED

QA Contact:

X.Org Security <xorg_security>

Severity:

normal

Priority:

medium

CC:

jcristau, sndirsch

Version:

7.3 (2007.09)

Hardware:

Other

OS:

All

Whiteboard:

i915 platform:

i915 features:

Attachments:

Description	Flags
Draft advisory	none
Proposed fix	none
Testcase	none

Description Matthieu Herrb 2007-12-04 13:00:26 UTC

iDefense has sent us the attached draft advisory

Comment 1 Matthieu Herrb 2007-12-04 13:01:08 UTC

Created attachment 12943 [details]
Draft advisory

Comment 2 Adam Jackson 2007-12-11 11:59:34 UTC

Created attachment 13035 [details] [review]
Proposed fix

Comment 3 Alan Coopersmith 2007-12-12 17:43:45 UTC

Created attachment 13076 [details]
Testcase

Testcase - crashes Xorg & Xephyr on Solaris/x86 without the fix, 
correctly gets BadValue when proposed patch from ajax is in place.

Comment 4 Matthieu Herrb 2008-01-17 08:29:43 UTC

Patch has been committed: 7dc1717ff0f96b99271a912b8948dfce5164d5ad and this is public now

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.