26ef545b35
ZDI-CAN-19866/CVE-2023-1393 If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Adam Jackson <ajax@redhat.com> |
||
|---|---|---|
| .. | ||
| compalloc.c | ||
| compext.c | ||
| compinit.c | ||
| compint.h | ||
| compositeext.h | ||
| compoverlay.c | ||
| compwindow.c | ||
| meson.build | ||