[jackhill/guix/guix.git] / gnu / packages / patches / xorg-server-CVE-2020-14347.patch

From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Sat, 25 Jul 2020 19:33:23 +0200
Subject: [PATCH] fix for ZDI-11426

Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 dix/pixmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;
 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;
 
-- 
2.27.0
Commit	Line	Data
cf1d1f4f MW	1	From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
	2	From: Matthieu Herrb <matthieu@herrb.eu>
	3	Date: Sat, 25 Jul 2020 19:33:23 +0200
	4	Subject: [PATCH] fix for ZDI-11426
	5
	6	Avoid leaking un-initalized memory to clients by zeroing the
	7	whole pixmap on initial allocation.
	8
	9	This vulnerability was discovered by:
	10	Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
	11
	12	Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
	13	Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
	14	---
	15	dix/pixmap.c \| 2 +-
	16	1 file changed, 1 insertion(+), 1 deletion(-)
	17
	18	diff --git a/dix/pixmap.c b/dix/pixmap.c
	19	index 1186d7dbb..5a0146bbb 100644
	20	--- a/dix/pixmap.c
	21	+++ b/dix/pixmap.c
	22	@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
	23	if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
	24	return NullPixmap;
	25
	26	- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
	27	+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
	28	if (!pPixmap)
	29	return NullPixmap;
	30
	31	--
	32	2.27.0
	33