path: root/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5574-2.patch
blob: 2cdef752c736f32101310c65f28e46eceb54c0be (plain)
From b6fe3f924aecac6d6e311673511ce61aa2f7a81f Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu, 12 Oct 2023 12:42:06 +1000
Subject: [PATCH] mi: fix CloseScreen initialization order

If SHM is enabled it will set the CloseScreen pointer, only to be
overridden by the hardcoded miCloseScreen pointer. Do this the other way
round, miCloseScreen is the bottom of our stack.

Direct leak of 48 byte(s) in 2 object(s) allocated from:
  #0 0x7f5ea3ad8cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: d8f3addefe29e892d775c30eb364afd3c2484ca5))
  #1 0x70adfb in ShmInitScreenPriv ../Xext/shm.c:213

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b6fe3f924aecac6d6e311673511ce61aa2f7a81f]
CVE: CVE-2023-5574
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 mi/miscrinit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mi/miscrinit.c b/mi/miscrinit.c
index 3bb52b1bc6..b88938c9ae 100644
--- a/mi/miscrinit.c
+++ b/mi/miscrinit.c
@@ -249,10 +249,10 @@ miScreenInit(ScreenPtr pScreen, void *pbits,  /* pointer to screen bits */
     pScreen->numVisuals = numVisuals;
     pScreen->visuals = visuals;
     if (width) {
+        pScreen->CloseScreen = miCloseScreen;
 #ifdef MITSHM
         ShmRegisterFbFuncs(pScreen);
 #endif
-        pScreen->CloseScreen = miCloseScreen;
     }
     /* else CloseScreen */
     /* QueryBestSize */
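Review bot: The placement of `pScreen->CloseScreen = miCloseScreen;` ahead of the `#ifdef MITSHM` block is now load-bearing, but nothing in the code says so. The commit message explains that SHM sets the CloseScreen pointer and that miCloseScreen must be the bottom of the stack. A later cleanup could move the assignment back below `ShmRegisterFbFuncs(pScreen);` and silently reintroduce the overwrite behind the ShmInitScreenPriv leak. Please add a short comment directly above the assignment, for example `/* must be set before ShmRegisterFbFuncs(), which installs its own CloseScreen on top */`, so that the ordering constraint is visible at the call site.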
-- 
GitLab