mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-02 18:32:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
caac6c06bbeff7691f4f26c1d41e94de3d3c1c9a
poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
Vijay Anusuri b4512e5691 xserver-xorg: Fix for CVE-2025-26599 
Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8

(From OE-Core rev: c013fec3e5dd86544366308f53a031b080b140c6)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-04 08:46:02 -08:00

67 lines
2.0 KiB
Diff
Raw Blame History

From c1ff84bef2569b4ba4be59323cf575d1798ba9be Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Tue, 17 Dec 2024 15:19:45 +0100
Subject: [PATCH] composite: Handle failure to redirect in compRedirectWindow()
The function compCheckRedirect() may fail if it cannot allocate the
backing pixmap.
In that case, compRedirectWindow() will return a BadAlloc error.
However that failure code path will shortcut the validation of the
window tree marked just before, which leaves the validate data partly
initialized.
That causes a use of uninitialized pointer later.
The fix is to not shortcut the call to compHandleMarkedWindows() even in
the case of compCheckRedirect() returning an error.
CVE-2025-26599, ZDI-CAN-25851
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be]
CVE: CVE-2025-26599
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
composite/compalloc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/composite/compalloc.c b/composite/compalloc.c
index eaabf0d..0bbbc55 100644
--- a/composite/compalloc.c
+++ b/composite/compalloc.c
@@ -140,6 +140,7 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
CompScreenPtr cs = GetCompScreen(pWin->drawable.pScreen);
WindowPtr pLayerWin;
Bool anyMarked = FALSE;
+ int status = Success;
if (pWin == cs->pOverlayWin) {
return Success;
@@ -218,13 +219,13 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
if (!compCheckRedirect(pWin)) {
FreeResource(ccw->id, RT_NONE);
- return BadAlloc;
+ status = BadAlloc;
}
if (anyMarked)
compHandleMarkedWindows(pWin, pLayerWin);
- return Success;
+ return status;
}
void
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink