[deb_xorg-server.git] / debian / patches / CVE-2014-8xxx / 0036-CVE-2014-8092-additional.patch

From 9802a0162f738de03585ca3f3b8a8266494f7d45 Mon Sep 17 00:00:00 2001
From: Keith Packard <keithp@keithp.com>
Date: Tue, 9 Dec 2014 09:30:59 -0800
Subject: Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]

The 'n' parameter must be surrounded by parens in both places to
prevent precedence from mis-computing things.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

--- a/include/dix.h
+++ b/include/dix.h
@@ -80,7 +80,7 @@ SOFTWARE.
 
 #define REQUEST_FIXED_SIZE(req, n)\
     if (((sizeof(req) >> 2) > client->req_len) || \
-        ((n >> 2) >= client->req_len) || \
+        (((n) >> 2) >= client->req_len) ||                              \
         ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
          return(BadLength)
Commit	Line	Data
7217e0ca ML	1	From 9802a0162f738de03585ca3f3b8a8266494f7d45 Mon Sep 17 00:00:00 2001
	2	From: Keith Packard <keithp@keithp.com>
	3	Date: Tue, 9 Dec 2014 09:30:59 -0800
	4	Subject: Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
	5
	6	The 'n' parameter must be surrounded by parens in both places to
	7	prevent precedence from mis-computing things.
	8
	9	Signed-off-by: Keith Packard <keithp@keithp.com>
	10	Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
	11	Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
	12
7217e0ca ML	13	--- a/include/dix.h
	14	+++ b/include/dix.h
	15	@@ -80,7 +80,7 @@ SOFTWARE.
	16
	17	#define REQUEST_FIXED_SIZE(req, n)\
	18	if (((sizeof(req) >> 2) > client->req_len) \|\| \
	19	- ((n >> 2) >= client->req_len) \|\| \
	20	+ (((n) >> 2) >= client->req_len) \|\| \
	21	((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len)) \
	22	return(BadLength)
	23