CVS commit: xsrc/external/mit/xorg-server.old/dist/Xi

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: xsrc/external/mit/xorg-server.old/dist/Xi
From: "matthew green" <mrg%netbsd.org@localhost>
Date: Sat, 2 Nov 2024 23:58:33 +0000

Module Name:    xsrc
Committed By:   mrg
Date:           Sat Nov  2 23:58:33 UTC 2024

Modified Files:
        xsrc/external/mit/xorg-server.old/dist/Xi: xichangehierarchy.c

Log Message:
merge upstream change 4a5e9b1895627d40d26045bd0b7ef3dce503cbd1

Subject: [PATCH] Xi: flush hierarchy events after adding/removing master
 devices

The `XISendDeviceHierarchyEvent()` function allocates space to store up
to `MAXDEVICES` (256) `xXIHierarchyInfo` structures in `info`.

If a device with a given ID was removed and a new device with the same
ID added both in the same operation, the single device ID will lead to
two info structures being written to `info`.

Since this case can occur for every device ID at once, a total of two
times `MAXDEVICES` info structures might be written to the allocation.

To avoid it, once one add/remove master is processed, send out the
device hierarchy event for the current state and continue. That event
thus only ever has exactly one of either added/removed in it (and
optionally slave attached/detached).

CVE-2024-21885, ZDI-CAN-22744

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
    xsrc/external/mit/xorg-server.old/dist/Xi/xichangehierarchy.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: xsrc/external/mit/xorg-server.old/dist/glx
Next by Date: CVS commit: xsrc/external/mit/xorg-server.old/dist/dix
Previous by Thread: CVS commit: xsrc/external/mit/xorg-server.old/dist/glx
Next by Thread: CVS commit: xsrc/external/mit/xorg-server.old/dist/dix
Indexes:

Home | Main Index | Thread Index | Old Index