Commit e23000d8 authored by Tobias Stöckmann, committed by Olivier Fourdan

record: Fix OOB access in ProcRecordUnregisterClients



If a client sends a RecordUnregisterClients request with an nClients
field larger than INT_MAX / 4, an integer overflow leads to an
out of boundary access in RecordSanityCheckClientSpecifiers.

An example line with libXtst would be:
XRecordUnregisterClients(dpy, rc, clients, 0x40000001);

Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 40c12a76)
parent 3166138e
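
The wrap described in the commit message, as an added example that is not part of the commit or the X server source. It assumes the request length check compares the payload size in bytes against 4 * nClients; the function names are hypothetical and the multiplication is modelled in 32-bit unsigned arithmetic so the wrap is well defined.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a length check for a request carrying n_clients
 * 4-byte client specifiers. Not the X server's code. */

/* Unchecked: 4 * n_clients wraps modulo 2^32, so a huge count can match
 * a tiny payload and later loops over n_clients read past the buffer. */
static int length_ok_unchecked(uint32_t payload_bytes, uint32_t n_clients)
{
    uint32_t expected = 4u * n_clients;   /* 0x40000001 * 4 wraps to 4 */
    return payload_bytes == expected;
}

/* Checked: reject any count above INT_MAX / 4 before multiplying,
 * so the product can no longer wrap. */
static int length_ok_checked(uint32_t payload_bytes, uint32_t n_clients)
{
    if (n_clients > (uint32_t)(INT_MAX / 4))
        return 0;
    return payload_bytes == 4u * n_clients;
}

int main(void)
{
    /* Constructed input: 4 bytes of payload (one specifier) with the
     * count taken from the commit message's example call. */
    uint32_t payload = 4, n = 0x40000001u;

    printf("4 * 0x%x wraps to %u\n", (unsigned)n, (unsigned)(4u * n));
    printf("unchecked accepts: %d\n", length_ok_unchecked(payload, n));
    printf("checked accepts:   %d\n", length_ok_checked(payload, n));
    return 0;
}
```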