frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for a divide by zero that can be triggered by a malicious client. 

Problem reported by Derek Abdine of rapid7.com. Thanks.
This commit is contained in:
Keith Packard 2007-05-02 11:41:11 +02:00 committed by Matthieu Herrb
parent 873ef75b1e
commit 71fc5b3e93
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fb/fbtrap.c
View File

@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture,
RenderEdge l, r; RenderEdge l, r;
xFixed t, b; xFixed t, b;
if (!xTrapezoidValid (trap))
return;
fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff); fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
width = pPicture->pDrawable->width; width = pPicture->pDrawable->width;

1
render/renderedge.c
View File

@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e,
dx = x_bot - x_top; dx = x_bot - x_top;
dy = y_bot - y_top; dy = y_bot - y_top;
e->dy = dy; e->dy = dy;
e->dx = 0;
if (dy) if (dy)
{ {
if (dx >= 0) if (dx >= 0)