1e4e5956d0
The Xv query functions for adaptors and encodings suffer from out of boundary accesses if a hostile X server sends a maliciously crafted response. A previous fix already checks the received length against fixed values but ignores additional length specifications which are stored inside the received data. These lengths are accessed in a for-loop. The easiest way to guarantee a correct processing is by validating all lengths against the remaining size left before accessing referenced memory. This makes the previously applied check obsolete, therefore I removed it. From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016 |
||
|---|---|---|
| .. | ||
| include | ||
| man | ||
| src | ||
| aclocal.m4 | ||
| AUTHORS | ||
| ChangeLog | ||
| compile | ||
| config.guess | ||
| config.h.in | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| COPYING | ||
| depcomp | ||
| INSTALL | ||
| install-sh | ||
| ltmain.sh | ||
| Makefile.am | ||
| Makefile.bsd-wrapper | ||
| Makefile.in | ||
| missing | ||
| README | ||
| xv.pc.in | ||
libXv - library for the X Video (Xv) extension to the X Window System
All questions regarding this software should be directed at the
Xorg mailing list:
http://lists.freedesktop.org/mailman/listinfo/xorg
Please submit bug reports to the Xorg bugzilla:
https://bugs.freedesktop.org/enter_bug.cgi?product=xorg
The master development code repository can be found at:
git://anongit.freedesktop.org/git/xorg/lib/libXv
http://cgit.freedesktop.org/xorg/lib/libXv
For patch submission instructions, see:
http://www.x.org/wiki/Development/Documentation/SubmittingPatches
For more information on the git code manager, see:
http://wiki.x.org/wiki/GitPage