This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit dba779d9f99ab2fc6bf05c78515dbdd82840cadd Author: Keith Packard <keithp@keithp.com> Date: Fri May 1 13:09:24 2015 +0200 dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418). The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check. Fix for regression introduced by fix for CVE-2014-8092. v2: backports to nx-libs 3.6.x (Mike Gabriel) Signed-off-by: Keith Packard <keithp@keithp.com> --- nx-X11/programs/Xserver/dix/dispatch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c index 5ad2f5a..ab10640 100644 --- a/nx-X11/programs/Xserver/dix/dispatch.c +++ b/nx-X11/programs/Xserver/dix/dispatch.c @@ -2071,7 +2071,7 @@ ProcPutImage(register ClientPtr client) tmpImage = (char *)&stuff[1]; lengthProto = length; - if (lengthProto >= (INT32_MAX / stuff->height)) + if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height)) return BadLength; if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git