openbsd/xenocara
1
0
Fork 0
mirror of https://github.com/openbsd/xenocara.git synced 2025-12-10 19:28:58 +00:00
Code Issues Projects Releases Wiki Activity

Security fixes from X.Org advisory o February 25, 2025:

Browse Source 
CVE-2025-26594: Use-after-free of the root cursor
CVE-2025-26595: Buffer overflow in XkbVModMaskText()
CVE-2025-26596: Heap overflow in XkbWriteKeySyms()
CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()
CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()
CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()
CVE-2025-26600: Use-after-free in PlayReleasedEvents()
CVE-2025-26601: Use-after-free in SyncInitTrigger()
This commit is contained in:
matthieu
2025-02-25 15:52:12 +00:00
parent ac809dfdca
commit 04a5e9b4d8
9 changed files with 126 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xserver/dix/dispatch.c
View File

@@ -3107,6 +3107,10 @@ ProcFreeCursor(ClientPtr client)
rc = dixLookupResourceByType((void **) &pCursor, stuff->id, RT_CURSOR,
client, DixDestroyAccess);
if (rc == Success) {
if (pCursor == rootCursor) {
client->errorValue = stuff->id;
return BadCursor;
}
FreeResource(stuff->id, RT_NONE);
return Success;
}