From b99f7975407f111b99d772cd28224d7dc1b34fe4 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Fri, 9 Nov 2012 18:05:27 -0500
Subject: [PATCH] glx: Handle failure to create the pixmap backing the pbuffer

We happen not to sanitize the width/height we pass to CreatePixmap here,
oops.  It's not exploitable, but it's certainly a crash, so let's just
throw BadAlloc instead.

Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
 glx/glxcmds.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 27a68aa37..9426fc154 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -1416,6 +1416,8 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId,
                                                     width, height,
                                                     config->rgbBits, 0);
     __glXleaveServer(GL_FALSE);
+    if (!pPixmap)
+        return BadAlloc;
 
     /* Assign the pixmap the same id as the pbuffer and add it as a
      * resource so it and the DRI2 drawable will be reclaimed when the