Bug 13524

Summary:

XFree86-Misc Extension Invalid Array Index Vulnerability

Product:

xorg

Reporter:

Matthieu Herrb <matthieu.herrb>

Component:

Security

Assignee:

X.Org Security <xorg_security>

Status:

RESOLVED FIXED

QA Contact:

X.Org Security <xorg_security>

Severity:

normal

Priority:

medium

CC:

alan.coopersmith, jcristau, sndirsch

Version:

7.3 (2007.09)

Hardware:

Other

OS:

All

Whiteboard:

i915 platform:

i915 features:

Attachments:

Description	Flags
Draft advisory	none
Proposed fix	none
Testcase	none

Description Matthieu Herrb 2007-12-04 13:02:23 UTC

iDefense has sent us the attached draft advisory

Comment 1 Matthieu Herrb 2007-12-04 13:03:10 UTC

Created attachment 12944 [details]
Draft advisory

Comment 2 Adam Jackson 2007-12-11 12:02:56 UTC

Summary is wrong, this is a bug in XFree86-Misc, not XC-MISC.

The advisory should absolutely not recommend disabling XC-MISC, it is not affected, and it's basically not possible to run any large app without XC-MISC enabled.

Comment 3 Adam Jackson 2007-12-11 12:03:38 UTC

Created attachment 13036 [details] [review]
Proposed fix

Comment 4 Alan Coopersmith 2007-12-13 18:19:41 UTC

(In reply to comment #3)

Shouldn't that be >= xf86NumScreens ?   Do we also need to check for < 0 since
it's a signed int?

Comment 5 Alan Coopersmith 2007-12-13 18:42:27 UTC

Created attachment 13098 [details]
Testcase

Testcase for this bug - it crashes Xorg on a single head system when run with an 
argument of 1 for the screen number with the ">" fix in, so it appears ">=" is 
needed.

Comment 6 Matthieu Herrb 2008-01-17 08:30:33 UTC

Patch has been committed: bbde5b62a137ba726a747b838d81e92d72c1b42b and this is public now

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.