From af2f977c6b8005879fd5d5d680dc45182797a843 Mon Sep 17 00:00:00 2001
From: matthieu
Date: Thu, 17 Jan 2008 15:43:06 +0000
Subject: [PATCH] Fix from X.Org for CVE-2007-6428 - TOG-cup extension memory corruption.
---
 xserver/Xext/cup.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/xserver/Xext/cup.c b/xserver/Xext/cup.c
index 6bfa27837..781b9ce2b 100644
--- a/xserver/Xext/cup.c
+++ b/xserver/Xext/cup.c
@@ -196,6 +196,9 @@ int ProcGetReservedColormapEntries(
 REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);
+ if (stuff->screen >= screenInfo.numScreens)
+ return BadValue;
+
 #ifndef HAVE_SPECIAL_DESKTOP_COLORS
 citems[CUP_BLACK_PIXEL].pixel = screenInfo.screens[stuff->screen]->blackPixel;
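Review bot: The added range check returns `BadValue` without recording the rejected value, so the error sent back to the client will not identify the offending screen number; the usual server convention is to set `client->errorValue = stuff->screen;` before `return BadValue;` (assuming the handler's ClientPtr parameter is named `client`, which the hunk does not show). The check tests only the upper bound, which is enough only if `stuff->screen` is an unsigned protocol field; its declaration is outside the hunk, so confirm that it is not a signed type that could carry a negative index past this guard into `screenInfo.screens[stuff->screen]`. A one-line comment such as `/* screen comes from the client request; reject out-of-range indices before indexing screenInfo.screens[] */` would make the intent of the guard clear to later readers. ProcGetReservedColormapEntries starts and ends outside the hunk.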