debian/patches/CVE-2014-8xxx/0036-CVE-2014-8092-additional.patch

   1 From 9802a0162f738de03585ca3f3b8a8266494f7d45 Mon Sep 17 00:00:00 2001
   2 From: Keith Packard <keithp@keithp.com>
   3 Date: Tue, 9 Dec 2014 09:30:59 -0800
   4 Subject: Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
   5
   6 The 'n' parameter must be surrounded by parens in both places to
   7 prevent precedence from mis-computing things.
   8
   9 Signed-off-by: Keith Packard <keithp@keithp.com>
  10 Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
  11 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
  12
  13 --- a/include/dix.h
  14 +++ b/include/dix.h
  15 @@ -80,7 +80,7 @@ SOFTWARE.
  16
  17  #define REQUEST_FIXED_SIZE(req, n)\
  18      if (((sizeof(req) >> 2) > client->req_len) || \
  19 -        ((n >> 2) >= client->req_len) || \
  20 +        (((n) >> 2) >= client->req_len) ||                              \
  21          ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
  22           return(BadLength)
  23