Blame SOURCES/0001-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch

fa07e0
From 8660dd164882ce5fc1f274427e2ff3dc020d6273 Mon Sep 17 00:00:00 2001
fa07e0
From: Peter Hutterer <peter.hutterer@who-t.net>
fa07e0
Date: Wed, 25 Jan 2023 11:41:40 +1000
fa07e0
Subject: [PATCH xserver] Xi: fix potential use-after-free in
fa07e0
 DeepCopyPointerClasses
fa07e0
fa07e0
CVE-2023-0494, ZDI-CAN-19596
fa07e0
fa07e0
This vulnerability was discovered by:
fa07e0
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
fa07e0
fa07e0
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
fa07e0
(cherry picked from commit 0ba6d8c37071131a49790243cdac55392ecf71ec)
fa07e0
---
fa07e0
 Xi/exevents.c | 4 +++-
fa07e0
 1 file changed, 3 insertions(+), 1 deletion(-)
fa07e0
fa07e0
diff --git a/Xi/exevents.c b/Xi/exevents.c
fa07e0
index 217baa956..dcd4efb3b 100644
fa07e0
--- a/Xi/exevents.c
fa07e0
+++ b/Xi/exevents.c
fa07e0
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
fa07e0
             memcpy(to->button->xkb_acts, from->button->xkb_acts,
fa07e0
                    sizeof(XkbAction));
fa07e0
         }
fa07e0
-        else
fa07e0
+        else {
fa07e0
             free(to->button->xkb_acts);
fa07e0
+            to->button->xkb_acts = NULL;
fa07e0
+        }
fa07e0
 
fa07e0
         memcpy(to->button->labels, from->button->labels,
fa07e0
                from->button->numButtons * sizeof(Atom));
fa07e0
-- 
fa07e0
2.39.1
fa07e0