packages/xorg-x11-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-2319

Browse Source
This commit is contained in:
baiguo 2022-07-22 11:27:14 +08:00
parent ad0368cca2
commit 49dacb4c75
2 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
backport-CVE-2022-2319.patch Normal file
View File

@ -0,0 +1,74 @@
From 7b6db1b9ac7493163cb76898ac593dafc76988f6 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 22 Jul 2022 11:04:30 +0800
Subject: [PATCH] xkb: switch to array index loops to moving pointers Most
similar loops here use a pointer that advances with each loop iteration,
let's do the same here for consistency.
No functional changes.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
---
xkb/xkb.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 68c59df..8b6aea8 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -5369,16 +5369,16 @@ _CheckSetSections(XkbGeometryPtr geom,
row->left = rWire->left;
row->vertical = rWire->vertical;
kWire = (xkbKeyWireDesc *) &rWire[1];
- for (k = 0; k < rWire->nKeys; k++) {
+ for (k = 0; k < rWire->nKeys; k++, kWire++) {
XkbKeyPtr key;
key = XkbAddGeomKey(row);
if (!key)
return BadAlloc;
- memcpy(key->name.name, kWire[k].name, XkbKeyNameLength);
- key->gap = kWire[k].gap;
- key->shape_ndx = kWire[k].shapeNdx;
- key->color_ndx = kWire[k].colorNdx;
+ memcpy(key->name.name, kWire->name, XkbKeyNameLength);
+ key->gap = kWire->gap;
+ key->shape_ndx = kWire->shapeNdx;
+ key->color_ndx = kWire->colorNdx;
if (key->shape_ndx >= geom->num_shapes) {
client->errorValue = _XkbErrCode3(0x10, key->shape_ndx,
geom->num_shapes);
@@ -5390,7 +5390,7 @@ _CheckSetSections(XkbGeometryPtr geom,
return BadMatch;
}
}
- rWire = (xkbRowWireDesc *) &kWire[rWire->nKeys];
+ rWire = (xkbRowWireDesc *)kWire;
}
wire = (char *) rWire;
if (sWire->nDoodads > 0) {
@@ -5455,16 +5455,16 @@ _CheckSetShapes(XkbGeometryPtr geom,
return BadAlloc;
ol->corner_radius = olWire->cornerRadius;
ptWire = (xkbPointWireDesc *) &olWire[1];
- for (p = 0, pt = ol->points; p < olWire->nPoints; p++, pt++) {
- pt->x = ptWire[p].x;
- pt->y = ptWire[p].y;
+ for (p = 0, pt = ol->points; p < olWire->nPoints; p++, pt++, ptWire++) {
+ pt->x = ptWire->x;
+ pt->y = ptWire->y;
if (client->swapped) {
swaps(&pt->x);
swaps(&pt->y);
}
}
ol->num_points = olWire->nPoints;
- olWire = (xkbOutlineWireDesc *) (&ptWire[olWire->nPoints]);
+ olWire = (xkbOutlineWireDesc *)ptWire;
}
if (shapeWire->primaryNdx != XkbNoShape)
shape->primary = &shape->outlines[shapeWire->primaryNdx];
--
2.33.0

7
xorg-x11-server.spec
View File

@ -16,7 +16,7 @@
Name: xorg-x11-server
Version: 1.20.11
Release: 7
Release: 8
Summary: X.Org X11 X server
License: MIT and GPLv2
URL: https://www.x.org
@ -86,6 +86,7 @@ Patch6001: backport-CVE-2021-4009.patch
Patch6002: backport-CVE-2021-4010.patch
Patch6003: backport-CVE-2021-4011.patch
Patch6004: backport-rename-bool-to-boolean.patch
Patch6005: backport-CVE-2022-2319.patch
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc
BuildRequires: systemtap-sdt-devel libtool pkgconfig
@ -429,6 +430,10 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_mandir}/man*/*
%changelog
* Fri Jul 22 2022 baiguo<baiguo@kylinos.cn> - 1.20.11-8
- xkb: switch to array index loops to moving pointers
- fix CVE-2022-2319
* Fri Jul 22 2022 ouyangminxiang<ouyangminxiang@kylinsec.com.cn> - 1.20.11-7
- Fix the crash in shadowUpdatePacked because of memcpy acts randomly with overlapping areas.
- Fix the problem of black screen after entering the login interface