13523 – TOG-CUP Extension Memory Corruption Vulnerability

Bug 13523 - TOG-CUP Extension Memory Corruption Vulnerability

Summary: TOG-CUP Extension Memory Corruption Vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	xorg
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7.3 (2007.09)
Hardware:	Other All

Importance:	medium normal
Assignee:	X.Org Security
QA Contact:	X.Org Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-12-04 13:00 UTC by Matthieu Herrb
Modified:	2008-01-17 08:29 UTC (History)
CC List:	2 users (show)

See Also:
i915 platform:
i915 features:

Attachments
Draft advisory (4.44 KB, text/plain) 2007-12-04 13:01 UTC, Matthieu Herrb	no flags	Details
Proposed fix (527 bytes, patch) 2007-12-11 11:59 UTC, Adam Jackson	no flags	Details \| Splinter Review
Testcase (1.29 KB, text/x-csrc) 2007-12-12 17:43 UTC, Alan Coopersmith	no flags	Details
View All

Description Matthieu Herrb 2007-12-04 13:00:26 UTC

iDefense has sent us the attached draft advisory

Comment 1 Matthieu Herrb 2007-12-04 13:01:08 UTC

Created attachment 12943 [details]
Draft advisory

Comment 2 Adam Jackson 2007-12-11 11:59:34 UTC

Created attachment 13035 [details] [review]
Proposed fix

Comment 3 Alan Coopersmith 2007-12-12 17:43:45 UTC

Created attachment 13076 [details]
Testcase

Testcase - crashes Xorg & Xephyr on Solaris/x86 without the fix, 
correctly gets BadValue when proposed patch from ajax is in place.

Comment 4 Matthieu Herrb 2008-01-17 08:29:43 UTC

Patch has been committed: 7dc1717ff0f96b99271a912b8948dfce5164d5ad and this is public now

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.