mirror of
https://github.com/hyprwm/wlroots-hyprland.git
synced 2024-11-09 15:05:58 +01:00
d0c1f0c0b6
The libXcursor fix for CVE-2013-2003 has never been imported into wlroots, leaving it vulnerable to it. Changing the argument type to an unsigned type is an effective merge of Ilja Van Sprundel's commit in libXcursor. Proof of Concept (compile with address sanitizer): $ mkdir -p ~/.local/share/icons/poc/cursors $ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \ ~/.local/share/icons/poc/cursors/poc $ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config $ sway -c ~/poc-config |
||
---|---|---|
.. | ||
meson.build | ||
wlr_xcursor.c | ||
xcursor.c |