Xi: fix potential use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
whot authored and dcommander committed Sep 14, 2023
1 parent 72f16a9 commit 5af580c
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion unix/Xvnc/programs/Xserver/Xi/exevents.c
Expand Up @@ -575,8 +575,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
memcpy(to->button->xkb_acts, from->button->xkb_acts,
sizeof(XkbAction));
}
else
else {
free(to->button->xkb_acts);
to->button->xkb_acts = NULL;
}

memcpy(to->button->labels, from->button->labels,
from->button->numButtons * sizeof(Atom));
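Review bot: In the unchanged context just above the new else branch, `memcpy(to->button->xkb_acts, from->button->xkb_acts, sizeof(XkbAction));` copies a single XkbAction, while the labels copy below it uses `from->button->numButtons * sizeof(Atom)`. If xkb_acts is meant to hold one action per button, that size (and the matching allocation, which is not visible in this hunk) should be checked against numButtons while this code is being touched. For the else branch itself, `free(to->button->xkb_acts);` followed by the NULL assignment is safe when the pointer is already NULL, but the commit message only names the CVE; a short comment or one sentence in the message saying which path kept the old pointer reachable would make the fix easier to audit and backport.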