--- /dev/null
+From e4bde707b4972a03ffc7737bb8e70eed830670ca Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sun, 26 Jan 2014 19:33:34 -0800
+Subject: [PATCH 12/33] present: unvalidated lengths in Present extension
+ procs [CVE-2014-8103 2/2]
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Julien Cristau <jcristau@debian.org>
+---
+ present/present_request.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/present/present_request.c b/present/present_request.c
+index 835890d..7c53e72 100644
+--- a/present/present_request.c
++++ b/present/present_request.c
+@@ -210,6 +210,7 @@ proc_present_query_capabilities (ClientPtr client)
+ RRCrtcPtr crtc = NULL;
+ int r;
+
++ REQUEST_SIZE_MATCH(xPresentQueryCapabilitiesReq);
+ r = dixLookupWindow(&window, stuff->target, client, DixGetAttrAccess);
+ switch (r) {
+ case Success:
+@@ -254,6 +255,7 @@ static int
+ sproc_present_query_version(ClientPtr client)
+ {
+ REQUEST(xPresentQueryVersionReq);
++ REQUEST_SIZE_MATCH(xPresentQueryVersionReq);
+
+ swaps(&stuff->length);
+ swapl(&stuff->majorVersion);
+@@ -265,6 +267,7 @@ static int
+ sproc_present_pixmap(ClientPtr client)
+ {
+ REQUEST(xPresentPixmapReq);
++ REQUEST_AT_LEAST_SIZE(xPresentPixmapReq);
+
+ swaps(&stuff->length);
+ swapl(&stuff->window);
+@@ -284,6 +287,7 @@ static int
+ sproc_present_notify_msc(ClientPtr client)
+ {
+ REQUEST(xPresentNotifyMSCReq);
++ REQUEST_SIZE_MATCH(xPresentNotifyMSCReq);
+
+ swaps(&stuff->length);
+ swapl(&stuff->window);
+@@ -297,6 +301,7 @@ static int
+ sproc_present_select_input (ClientPtr client)
+ {
+ REQUEST(xPresentSelectInputReq);
++ REQUEST_SIZE_MATCH(xPresentSelectInputReq);
+
+ swaps(&stuff->length);
+ swapl(&stuff->window);
+@@ -308,6 +313,7 @@ static int
+ sproc_present_query_capabilities (ClientPtr client)
+ {
+ REQUEST(xPresentQueryCapabilitiesReq);
++ REQUEST_SIZE_MATCH(xPresentQueryCapabilitiesReq);
+ swaps(&stuff->length);
+ swapl(&stuff->target);
+ return (*proc_present_vector[stuff->presentReqType]) (client);
+--
+1.7.9.2
+