1461N/AFrom dc777c346d5d452a53b13b917c45f6a1bad2f20b Mon Sep 17 00:00:00 2001
1461N/AFrom: Keith Packard <keithp@keithp.com>
1461N/ADate: Sat, 3 Jan 2015 08:46:45 -0800
1461N/ASubject: [PATCH] dix: Allow zero-height PutImage requests
1461N/AThe length checking code validates PutImage height and byte width by
1461N/Amaking sure that byte-width >= INT32_MAX / height. If height is zero,
1461N/Athis generates a divide by zero exception. Allow zero height requests
1461N/Aexplicitly, bypassing the INT32_MAX check.
1461N/ASigned-off-by: Keith Packard <keithp@keithp.com>
1461N/AReviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
1461N/A 1 file changed, 1 insertion(+), 1 deletion(-)
1461N/Aindex 55b978d..9044ac7 100644
1461N/A@@ -2000,7 +2000,7 @@ ProcPutImage(ClientPtr client)
1461N/A tmpImage = (char *) &stuff[1];
1461N/A- if (lengthProto >= (INT32_MAX / stuff->height))
1461N/A+ if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height))
1461N/A if ((bytes_to_int32(lengthProto * stuff->height) +