Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
libX11
U_0002-CVE-2023-43786-stack-exhaustion-from-inf...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch of Package libX11
From 204c3393c4c90a29ed6bef64e43849536e863a86 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Thu, 7 Sep 2023 15:54:30 -0700 Subject: [PATCH libX11 2/5] CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() When splitting a single line of pixels into chunks to send to the X server, be sure to take into account the number of bits per pixel, so we don't just loop forever trying to send more pixels than fit in the given request size and not breaking them down into a small enough chunk to fix. Fixes: "almost complete rewrite" (Dec. 12, 1987) from X11R2 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- src/PutImage.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Index: libX11-1.6.5/src/PutImage.c =================================================================== --- libX11-1.6.5.orig/src/PutImage.c +++ libX11-1.6.5/src/PutImage.c @@ -913,8 +913,9 @@ PutSubImage ( req_width, req_height - SubImageHeight, dest_bits_per_pixel, dest_scanline_pad); } else { - int SubImageWidth = (((Available << 3) / dest_scanline_pad) - * dest_scanline_pad) - left_pad; + int SubImageWidth = ((((Available << 3) / dest_scanline_pad) + * dest_scanline_pad) - left_pad) + / dest_bits_per_pixel; PutSubImage(dpy, d, gc, image, req_xoffset, req_yoffset, x, y, (unsigned int) SubImageWidth, 1,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor