frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

render: Bounds check for nglyphs in ProcRenderAddGlyphs (#28801) 

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Adam Jackson 2010-06-28 18:08:50 -04:00 committed by Keith Packard
parent fc091936e2
commit 5725849a1b
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
render/render.c
View File

@ -1077,6 +1077,14 @@ ProcRenderAddGlyphs (ClientPtr client)
gi = (xGlyphInfo *) (gids + nglyphs); gi = (xGlyphInfo *) (gids + nglyphs);
bits = (CARD8 *) (gi + nglyphs); bits = (CARD8 *) (gi + nglyphs);
remain -= (sizeof (CARD32) + sizeof (xGlyphInfo)) * nglyphs; remain -= (sizeof (CARD32) + sizeof (xGlyphInfo)) * nglyphs;
/* protect against bad nglyphs */
if (gi < stuff || gi > ((CARD32 *)stuff + client->req_len) ||
bits < stuff || bits > ((CARD32 *)stuff + client->req_len)) {
err = BadLength;
goto bail;
}
for (i = 0; i < nglyphs; i++) for (i = 0; i < nglyphs; i++)
{ {
size_t padded_width; size_t padded_width;