tasn pushed a commit to branch master. http://git.enlightenment.org/core/enlightenment.git/commit/?id=981e3f8f31606908d4889fa379cdf7d259810a26
commit 981e3f8f31606908d4889fa379cdf7d259810a26 Author: Tom Hacohen <t...@stosb.com> Date: Fri Oct 9 09:19:51 2015 +0100 Client: fix potential out of bounds read. This is an unsigned int underflow that could lead to an out of bounds read. CID 1291837 @fix --- src/bin/e_client.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/bin/e_client.c b/src/bin/e_client.c index f530dcb..1b44518 100644 --- a/src/bin/e_client.c +++ b/src/bin/e_client.c @@ -3257,7 +3257,10 @@ e_client_below_get(const E_Client *ec) if (e_comp_canvas_client_layer_map(ec->layer) == 9999) return NULL; /* go down the layers until we find one */ - for (x = e_comp_canvas_layer_map(ec->layer) - 1; x >= e_comp_canvas_layer_map(E_LAYER_CLIENT_DESKTOP); x--) + x = e_comp_canvas_layer_map(ec->layer); + if (x > 0) x--; + + for (; x >= e_comp_canvas_layer_map(E_LAYER_CLIENT_DESKTOP); x--) { if (!e_comp->layers[x].clients) continue; EINA_INLIST_REVERSE_FOREACH(e_comp->layers[x].clients, ec2) --