Commit | Line | Data |
---|---|---|
cf1d1f4f MW |
1 | From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001 |
2 | From: Matthieu Herrb <matthieu@herrb.eu> | |
3 | Date: Sat, 25 Jul 2020 19:33:23 +0200 | |
4 | Subject: [PATCH] fix for ZDI-11426 | |
5 | ||
6 | Avoid leaking un-initalized memory to clients by zeroing the | |
7 | whole pixmap on initial allocation. | |
8 | ||
9 | This vulnerability was discovered by: | |
10 | Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | |
11 | ||
12 | Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> | |
13 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> | |
14 | --- | |
15 | dix/pixmap.c | 2 +- | |
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
17 | ||
18 | diff --git a/dix/pixmap.c b/dix/pixmap.c | |
19 | index 1186d7dbb..5a0146bbb 100644 | |
20 | --- a/dix/pixmap.c | |
21 | +++ b/dix/pixmap.c | |
22 | @@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) | |
23 | if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) | |
24 | return NullPixmap; | |
25 | ||
26 | - pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); | |
27 | + pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); | |
28 | if (!pPixmap) | |
29 | return NullPixmap; | |
30 | ||
31 | -- | |
32 | 2.27.0 | |
33 |