frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/hw
History
Martin Weber c726ceacc1 hw/xfree86: Avoid cursor use after free 
During a VT-Switch a raw pointer to the shared cursor object
is saved which is then freed (in case of low refcount) by a call to
xf86CursorSetCursor with argument pCurs = NullCursor.
This leads to a dangling pointer which can follow in a use after free.

This fix ensures that there is a shared handle saved for the VT-Switch cycle.

Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit 7ae221ad57)
 		2020-08-18 04:12:09 +00:00
..
dmx Update URL's in man pages 2020-08-18 04:12:08 +00:00
kdrive Add ddxInputThread call from os layer into ddx layer 2020-01-13 22:25:39 +00:00
vfb Add ddxInputThread call from os layer into ddx layer 2020-01-13 22:25:39 +00:00
xfree86 hw/xfree86: Avoid cursor use after free 2020-08-18 04:12:09 +00:00
xnest Add ddxInputThread call from os layer into ddx layer 2020-01-13 22:25:39 +00:00
xquartz Update URL's in man pages 2020-08-18 04:12:08 +00:00
xwayland xwayland: Disable the MIT-SCREEN-SAVER extension when rootless 2020-08-12 16:55:58 +02:00
xwin Add ddxInputThread call from os layer into ddx layer 2020-01-13 22:25:39 +00:00
Makefile.am Xwayland DDX 2014-04-03 15:19:22 -07:00
meson.build meson: Move Xvfb build under an option. 2017-09-20 13:19:21 -04:00