summaryrefslogtreecommitdiffstats
path: root/x11/libXi/files/patch-src_XIPassiveGrab.c
diff options
context:
space:
mode:
Diffstat (limited to 'x11/libXi/files/patch-src_XIPassiveGrab.c')
-rw-r--r--x11/libXi/files/patch-src_XIPassiveGrab.c27
1 files changed, 0 insertions, 27 deletions
diff --git a/x11/libXi/files/patch-src_XIPassiveGrab.c b/x11/libXi/files/patch-src_XIPassiveGrab.c
deleted file mode 100644
index b41d9f4..0000000
--- a/x11/libXi/files/patch-src_XIPassiveGrab.c
+++ /dev/null
@@ -1,27 +0,0 @@
-From 91434737f592e8f5cc1762383882a582b55fc03a Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Sun, 10 Mar 2013 07:37:23 +0000
-Subject: memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
-
-If the server returned more modifiers than the caller asked for,
-we'd just keep copying past the end of the array provided by the
-caller, writing over who-knows-what happened to be there.
-
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
----
-diff --git a/src/XIPassiveGrab.c b/src/XIPassiveGrab.c
-index ac17c01..53b4084 100644
---- src/XIPassiveGrab.c
-+++ src/XIPassiveGrab.c
-@@ -88,7 +88,7 @@ _XIPassiveGrabDevice(Display* dpy, int deviceid, int grabtype, int detail,
- return -1;
- _XRead(dpy, (char*)failed_mods, reply.num_modifiers * sizeof(xXIGrabModifierInfo));
-
-- for (i = 0; i < reply.num_modifiers; i++)
-+ for (i = 0; i < reply.num_modifiers && i < num_modifiers; i++)
- {
- modifiers_inout[i].status = failed_mods[i].status;
- modifiers_inout[i].modifiers = failed_mods[i].modifiers;
---
-cgit v0.9.0.2-2-gbebe
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 23:03:41 +0800