openbsd/xenocara
1
0
Fork 0
mirror of https://github.com/openbsd/xenocara.git synced 2025-12-08 10:19:00 +00:00
Code Issues Projects Releases Wiki Activity

xkb: Fix buffer overflow in _XkbSetCompatMap()

Browse Source 
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.

However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.

CVE-2024-9632
This commit is contained in:
matthieu
2024-10-29 17:58:22 +00:00
parent 9356eb7713
commit 81fd437204
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
xserver/xkb/xkb.c
View File

@@ -2992,13 +2992,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
XkbSymInterpretPtr sym;
unsigned int skipped = 0;
if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
compat->num_si = req->firstSI + req->nSI;
if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
compat->num_si = compat->size_si = req->firstSI + req->nSI;
compat->sym_interpret = reallocarray(compat->sym_interpret,
compat->num_si,
compat->size_si,
sizeof(XkbSymInterpretRec));
if (!compat->sym_interpret) {
compat->num_si = 0;
compat->num_si = compat->size_si = 0;
return BadAlloc;
}
}