Fix from X.Org for CVE-2007-5760 - XFree86 Misc extension out of

bounds array index.
2008-01-17 15:41:18 +00:00 · 2008-01-17 15:41:18 +00:00 · 478587a2d7
commit 478587a2d7
parent e57147883e
1 changed files with 4 additions and 0 deletions
--- a/xserver/hw/xfree86/common/xf86MiscExt.c
+++ b/xserver/hw/xfree86/common/xf86MiscExt.c
@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char *msgtype, const char *msgval,
 {
    ScrnInfoPtr pScr = xf86Screens[scrnIndex];

+    /* should check this in the protocol, but xf86NumScreens isn't exported */
+    if (scrnIndex >= xf86NumScreens)
+	return BadValue;
+
    if (*pScr->HandleMessage == NULL)
 	    return BadImplementation;
    return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);