aboutsummaryrefslogtreecommitdiff
path: root/xcursor/xcursor.c
AgeCommit message (Collapse)Author
2018-11-06xcursor: Fix heap overflows when parsing malicious filesTobias Stoeckmann
It is possible to trigger heap overflows due to an integer overflow while parsing images. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. See also: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 https://gitlab.freedesktop.org/wayland/wayland/commit/5d201df72f3d4f4cb8b8f75f980169b03507da38
2018-02-12Reformat all #include directivesemersion
2017-08-07Add xcursor sublibraryDrew DeVault