[Bug 1124500] CVE-2014-5116 cairo: NULL pointer dereference in cairo_image_surface_get_data()
bugzilla at redhat.com
Thu Aug 14 06:51:37 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1124500
--- Comment #5 from Siddharth Sharma <sisharma at redhat.com> ---
Explanation:
Wireshark crashed before it hits the function in cairo because the
higher value inside the text box in wireshark -> Statistics -> IP Addresses or
IP Destination causes the window to be painted much bigger than the Main X
Window, and it crashes, which is right on the part of the Window Manager
implementation and X Window System. It doesn't affect the Linux system as
described in the CVE-2014-5116 assigned. Wireshark should be sanitizing the
input from:
wireshark -> Statistics -> IP Destination
wireshark -> Statistics -> IP Addresses
Things like this are supposed to be taken care of by the application itself.
In the process of reproducing this issue, this resulted in:
(wireshark:9541): Gdk-WARNING **: Native Windows wider or taller than 32767
pixels are not supported
(wireshark:9541): Gdk-ERROR **: The program 'wireshark' received an X Window
System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
(Details: serial 192739 error_code 11 request_code 53 minor_code 0)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the --sync command line
option to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)