This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch 3.5.0.x in repository nx-libs. discards dd9d54a Security fixes: X.Org CVE-2014-8099: discards 36778c5 Security fixes: X.Org CVE-2015-3418: discards 6955aae Security fixes: X.Org CVE-2014-8092: discards 586ca14 Security fixes: X.Org CVE-2013-4396: new 4fb3532 Security fixes: X.Org CVE-2013-4396: new 125254d Security fixes: X.Org CVE-2014-8092: new e5ff9ac Security fixes: X.Org CVE-2015-3418: new 16df117 Security fixes: X.Org CVE-2014-8099: This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (dd9d54a) \ N -- N -- N refs/heads/3.5.0.x (16df117) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omits" are not gone; other references still refer to them. Any revisions marked "discards" are gone forever. The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: ...fter-free-in-dix-dixfonts.c-doImageT.full.patch | 10 ++--- ...-overflow-in-ProcPutImage-CVE-2014-8.full.patch | 2 +- ...ted-lengths-in-XVideo-extension-swap.full.patch | 40 ++++++++++---------- ...18-dix-Allow-zero-height-PutImage-re.full.patch | 2 +- 4 files changed, 27 insertions(+), 27 deletions(-) -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.5.0.x in repository nx-libs. commit 4fb35326a190f95f262bf9ea2e27de1ff81bda25 Author: Mihai Moldovan <ionic@ionic.de> Date: Tue Jun 2 17:59:28 2015 +0200 Security fixes: X.Org CVE-2013-4396: v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo) v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch --- debian/changelog | 6 +++ ...fter-free-in-dix-dixfonts.c-doImageT.full.patch | 51 ++++++++++++++++++-- 2 files changed, 52 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index cb4fb7f..d027112 100644 --- a/debian/changelog +++ b/debian/changelog @@ -163,6 +163,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low Backported from Arctica GH 3.6.x branch. Affects: - 9900-dxpc-license-history.full+lite.patch + * Security fixes: + - X.Org CVE-2013-4396: + v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo) + v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan) + Changes: + + 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch [ Bernard Cafarelli ] * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. diff --git a/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch b/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch index 8cb1d0d..b7d63f6 100644 --- a/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch +++ b/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch @@ -21,12 +21,14 @@ X server is mostly single threaded, the odds of the free memory having invalid contents are low with most malloc implementations when not using memory debugging features, but some allocators will definitely overwrite the memory there, leading to a likely crash. + +v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo) +v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan) + --- nx-X11/programs/Xserver/dix/dixfonts.c | 5 +++++ 1 file changed, 5 insertions(+) -diff --git a/nx-X11/programs/Xserver/dix/dixfonts.c b/nx-X11/programs/Xserver/dix/dixfonts.c -index 193f555..42fd647 100644 --- a/nx-X11/programs/Xserver/dix/dixfonts.c +++ b/nx-X11/programs/Xserver/dix/dixfonts.c @@ -1559,6 +1559,7 @@ doImageText(ClientPtr client, register ITclosurePtr c) @@ -69,6 +71,45 @@ index 193f555..42fd647 100644 err = BadAlloc; goto bail; } --- -2.1.4 - +--- a/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c ++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c +@@ -1711,6 +1711,7 @@ doImageText(ClientPtr client, register ITclosurePtr c) + GC *pGC; + unsigned char *data; + ITclosurePtr new_closure; ++ ITclosurePtr old_closure; + + /* We're putting the client to sleep. We need to + save some state. Similar problem to that handled +@@ -1723,6 +1724,7 @@ doImageText(ClientPtr client, register ITclosurePtr c) + err = BadAlloc; + goto bail; + } ++ old_closure = c; + *new_closure = *c; + c = new_closure; + +@@ -1730,6 +1732,7 @@ doImageText(ClientPtr client, register ITclosurePtr c) + if (!data) + { + xfree(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +@@ -1741,6 +1744,7 @@ doImageText(ClientPtr client, register ITclosurePtr c) + { + xfree(c->data); + xfree(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } +@@ -1759,6 +1763,7 @@ doImageText(ClientPtr client, register ITclosurePtr c) + FreeScratchGC(pGC); + xfree(c->data); + xfree(c); ++ c = old_closure; + err = BadAlloc; + goto bail; + } -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.5.0.x in repository nx-libs. commit 125254d35483d0e645f935b27d3ba8cf52786a36 Author: Mihai Moldovan <ionic@ionic.de> Date: Tue Jun 2 18:11:24 2015 +0200 Security fixes: X.Org CVE-2014-8092: v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch --- debian/changelog | 6 ++++++ ...-overflow-in-ProcPutImage-CVE-2014-8.full.patch | 21 +++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index d027112..4d03fc4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -169,6 +169,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: + 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch + * Security fixes: + - X.Org CVE-2014-8092: + v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) + v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) + Changes: + + 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch [ Bernard Cafarelli ] * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. diff --git a/debian/patches/1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch b/debian/patches/1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch index 05d4919..6d48cee 100644 --- a/debian/patches/1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch +++ b/debian/patches/1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch @@ -12,6 +12,9 @@ pixmap can overflow a 32-bit number, causing out-of-bounds memory writes on 32-bit systems (since the length is stored in a long int variable). v2: backport to nx-libs 3.6.x (Mike DePaulo) +v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) +v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) + Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> @@ -22,8 +25,6 @@ Conflicts: nx-X11/programs/Xserver/dix/dispatch.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c -index 6941456..5ad2f5a 100644 --- a/nx-X11/programs/Xserver/dix/dispatch.c +++ b/nx-X11/programs/Xserver/dix/dispatch.c @@ -2071,7 +2071,9 @@ ProcPutImage(register ClientPtr client) @@ -37,6 +38,16 @@ index 6941456..5ad2f5a 100644 if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + (sizeof(xPutImageReq) >> 2)) != client->req_len) return BadLength; --- -2.1.4 - +--- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c ++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c +@@ -2630,7 +2630,9 @@ ProcPutImage(register ClientPtr client) + + tmpImage = (char *)&stuff[1]; + lengthProto = length; +- ++ if (lengthProto >= (INT32_MAX / stuff->height)) ++ return BadLength; ++ + if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + + (sizeof(xPutImageReq) >> 2)) != client->req_len) + return BadLength; -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.5.0.x in repository nx-libs. commit 16df117e563e53a77410b7fd0719c2014eef6a16 Author: Mihai Moldovan <ionic@ionic.de> Date: Tue Jun 2 18:38:59 2015 +0200 Security fixes: X.Org CVE-2014-8099: v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch --- debian/changelog | 6 + ...ted-lengths-in-XVideo-extension-swap.full.patch | 169 +++++++++++++++++++- 2 files changed, 170 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index 3201670..db70137 100644 --- a/debian/changelog +++ b/debian/changelog @@ -181,6 +181,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: + 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch + * Security fixes: + - X.Org CVE-2014-8099: + v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo) + v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) + Changes: + + 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch [ Bernard Cafarelli ] * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. diff --git a/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch b/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch index 1d458a7..f869da9 100644 --- a/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch +++ b/debian/patches/1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch @@ -5,6 +5,8 @@ Subject: [PATCH 26/40] Xv: unvalidated lengths in XVideo extension swapped procs [CVE-2014-8099] v2: backport to nx-libs 3.6.x (Mike DePaulo) +v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo) +v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> @@ -15,8 +17,6 @@ Conflicts: nx-X11/programs/Xserver/Xext/xvdisp.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) -diff --git a/nx-X11/programs/Xserver/Xext/xvdisp.c b/nx-X11/programs/Xserver/Xext/xvdisp.c -index 21ab0b6..b361c0f 100644 --- a/nx-X11/programs/Xserver/Xext/xvdisp.c +++ b/nx-X11/programs/Xserver/Xext/xvdisp.c @@ -1347,6 +1347,7 @@ SProcXvQueryExtension(ClientPtr client) @@ -179,6 +179,165 @@ index 21ab0b6..b361c0f 100644 swaps(&stuff->length, n); swapl(&stuff->port, n); return ProcXvListImageFormats(client); --- -2.1.4 - +--- a/nx-X11/programs/Xserver/hw/nxagent/NXxvdisp.c ++++ b/nx-X11/programs/Xserver/hw/nxagent/NXxvdisp.c +@@ -1401,6 +1401,7 @@ SProcXvQueryExtension(ClientPtr client) + { + register char n; + REQUEST(xvQueryExtensionReq); ++ REQUEST_SIZE_MATCH(xvQueryExtensionReq); + swaps(&stuff->length, n); + return ProcXvQueryExtension(client); + } +@@ -1410,6 +1411,7 @@ SProcXvQueryAdaptors(ClientPtr client) + { + register char n; + REQUEST(xvQueryAdaptorsReq); ++ REQUEST_SIZE_MATCH(xvQueryAdaptorsReq); + swaps(&stuff->length, n); + swapl(&stuff->window, n); + return ProcXvQueryAdaptors(client); +@@ -1420,6 +1422,7 @@ SProcXvQueryEncodings(ClientPtr client) + { + register char n; + REQUEST(xvQueryEncodingsReq); ++ REQUEST_SIZE_MATCH(xvQueryEncodingsReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + return ProcXvQueryEncodings(client); +@@ -1430,6 +1433,7 @@ SProcXvGrabPort(ClientPtr client) + { + register char n; + REQUEST(xvGrabPortReq); ++ REQUEST_SIZE_MATCH(xvGrabPortReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->time, n); +@@ -1441,6 +1445,7 @@ SProcXvUngrabPort(ClientPtr client) + { + register char n; + REQUEST(xvUngrabPortReq); ++ REQUEST_SIZE_MATCH(xvUngrabPortReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->time, n); +@@ -1452,6 +1457,7 @@ SProcXvPutVideo(ClientPtr client) + { + register char n; + REQUEST(xvPutVideoReq); ++ REQUEST_SIZE_MATCH(xvPutVideoReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1472,6 +1478,7 @@ SProcXvPutStill(ClientPtr client) + { + register char n; + REQUEST(xvPutStillReq); ++ REQUEST_SIZE_MATCH(xvPutStillReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1492,6 +1499,7 @@ SProcXvGetVideo(ClientPtr client) + { + register char n; + REQUEST(xvGetVideoReq); ++ REQUEST_SIZE_MATCH(xvGetVideoReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1512,6 +1520,7 @@ SProcXvGetStill(ClientPtr client) + { + register char n; + REQUEST(xvGetStillReq); ++ REQUEST_SIZE_MATCH(xvGetStillReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1532,6 +1541,7 @@ SProcXvPutImage(ClientPtr client) + { + register char n; + REQUEST(xvPutImageReq); ++ REQUEST_AT_LEAST_SIZE(xvPutImageReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1556,6 +1566,7 @@ SProcXvShmPutImage(ClientPtr client) + { + register char n; + REQUEST(xvShmPutImageReq); ++ REQUEST_SIZE_MATCH(xvShmPutImageReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1583,6 +1594,7 @@ SProcXvSelectVideoNotify(ClientPtr client) + { + register char n; + REQUEST(xvSelectVideoNotifyReq); ++ REQUEST_SIZE_MATCH(xvSelectVideoNotifyReq); + swaps(&stuff->length, n); + swapl(&stuff->drawable, n); + return ProcXvSelectVideoNotify(client); +@@ -1593,6 +1605,7 @@ SProcXvSelectPortNotify(ClientPtr client) + { + register char n; + REQUEST(xvSelectPortNotifyReq); ++ REQUEST_SIZE_MATCH(xvSelectPortNotifyReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + return ProcXvSelectPortNotify(client); +@@ -1603,6 +1616,7 @@ SProcXvStopVideo(ClientPtr client) + { + register char n; + REQUEST(xvStopVideoReq); ++ REQUEST_SIZE_MATCH(xvStopVideoReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->drawable, n); +@@ -1614,6 +1628,7 @@ SProcXvSetPortAttribute(ClientPtr client) + { + register char n; + REQUEST(xvSetPortAttributeReq); ++ REQUEST_SIZE_MATCH(xvSetPortAttributeReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->attribute, n); +@@ -1625,6 +1640,7 @@ SProcXvGetPortAttribute(ClientPtr client) + { + register char n; + REQUEST(xvGetPortAttributeReq); ++ REQUEST_SIZE_MATCH(xvGetPortAttributeReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swapl(&stuff->attribute, n); +@@ -1636,6 +1652,7 @@ SProcXvQueryBestSize(ClientPtr client) + { + register char n; + REQUEST(xvQueryBestSizeReq); ++ REQUEST_SIZE_MATCH(xvQueryBestSizeReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + swaps(&stuff->vid_w, n); +@@ -1650,6 +1667,7 @@ SProcXvQueryPortAttributes(ClientPtr client) + { + register char n; + REQUEST(xvQueryPortAttributesReq); ++ REQUEST_SIZE_MATCH(xvQueryPortAttributesReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + return ProcXvQueryPortAttributes(client); +@@ -1660,6 +1678,7 @@ SProcXvQueryImageAttributes(ClientPtr client) + { + register char n; + REQUEST(xvQueryImageAttributesReq); ++ REQUEST_SIZE_MATCH(xvQueryImageAttributesReq); + swaps(&stuff->length, n); + swapl(&stuff->id, n); + swaps(&stuff->width, n); +@@ -1672,6 +1691,7 @@ SProcXvListImageFormats(ClientPtr client) + { + register char n; + REQUEST(xvListImageFormatsReq); ++ REQUEST_SIZE_MATCH(xvListImageFormatsReq); + swaps(&stuff->length, n); + swapl(&stuff->port, n); + return ProcXvListImageFormats(client); -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.5.0.x in repository nx-libs. commit e5ff9ace4c2b5a4e04b771c2ec417ceba63218cf Author: Mihai Moldovan <ionic@ionic.de> Date: Tue Jun 2 18:27:15 2015 +0200 Security fixes: X.Org CVE-2015-3418: v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch --- debian/changelog | 6 ++++++ ...18-dix-Allow-zero-height-PutImage-re.full.patch | 16 ++++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4d03fc4..3201670 100644 --- a/debian/changelog +++ b/debian/changelog @@ -175,6 +175,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: + 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch + * Security fixes: + - X.Org CVE-2015-3418: + v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) + v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) + Changes: + + 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch [ Bernard Cafarelli ] * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. diff --git a/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch b/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch index 7b6f28c..8fc777e 100644 --- a/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch +++ b/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch @@ -12,10 +12,11 @@ Date: Fri May 1 13:09:24 2015 +0200 Fix for regression introduced by fix for CVE-2014-8092. v2: backports to nx-libs 3.6.x (Mike Gabriel) + v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) + v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) + Signed-off-by: Keith Packard <keithp@keithp.com> -diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c -index 5ad2f5a..ab10640 100644 --- a/nx-X11/programs/Xserver/dix/dispatch.c +++ b/nx-X11/programs/Xserver/dix/dispatch.c @@ -2071,7 +2071,7 @@ ProcPutImage(register ClientPtr client) @@ -27,3 +28,14 @@ index 5ad2f5a..ab10640 100644 return BadLength; if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + +--- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c ++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c +@@ -2630,7 +2630,7 @@ ProcPutImage(register ClientPtr client) + + tmpImage = (char *)&stuff[1]; + lengthProto = length; +- if (lengthProto >= (INT32_MAX / stuff->height)) ++ if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height)) + return BadLength; + + if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
-
git-admin@x2go.org