8a46f3237a
Release notes: https://lists.x.org/archives/xorg-announce/2020-July/003051.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Thomas: add IGNORE_CVES entry.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
|
|
From: Matthieu Herrb <matthieu@herrb.eu>
|
|
Date: Sat, 25 Jul 2020 19:33:50 +0200
|
|
Subject: [PATCH] fix for ZDI-11426
|
|
|
|
Avoid leaking un-initalized memory to clients by zeroing the
|
|
whole pixmap on initial allocation.
|
|
|
|
This vulnerability was discovered by:
|
|
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
|
|
|
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
|
[downloaded from upstream commit
|
|
https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816]
|
|
---
|
|
dix/pixmap.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/dix/pixmap.c b/dix/pixmap.c
|
|
index 1186d7dbbf..5a0146bbb6 100644
|
|
--- a/dix/pixmap.c
|
|
+++ b/dix/pixmap.c
|
|
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
|
|
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
|
|
return NullPixmap;
|
|
|
|
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
|
|
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
|
|
if (!pPixmap)
|
|
return NullPixmap;
|
|
|
|
--
|
|
GitLab
|
|
|