wlroots-hyprland

Author SHA1 Message Date

Author	SHA1	Message	Date
Tobias Stoeckmann	de0a032d8e	xcursor: Fix heap overflows when parsing malicious files It is possible to trigger heap overflows due to an integer overflow while parsing images. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. See also: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 `5d201df72f`	2018-11-06 14:40:41 +01:00
emersion	c2e1474010	Reformat all #include directives	2018-02-12 21:29:23 +01:00
Drew DeVault	7486263f7e	Add xcursor sublibrary	2017-08-07 21:13:04 -04:00

Tobias Stoeckmann

de0a032d8e

xcursor: Fix heap overflows when parsing malicious files

It is possible to trigger heap overflows due to an integer overflow
while parsing images.

The integer overflow occurs because the chosen limit 0x10000 for
dimensions is too large for 32 bit systems, because each pixel takes
4 bytes. Properly chosen values allow an overflow which in turn will
lead to less allocated memory than needed for subsequent reads.

See also:
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
5d201df72f

2018-11-06 14:40:41 +01:00

emersion

c2e1474010

Reformat all #include directives

2018-02-12 21:29:23 +01:00

Drew DeVault 7486263f7e Add xcursor sublibrary 2017-08-07 21:13:04 -04:00

3 Commits