On Sun, 2017-03-19 at 17:55 +0100, Tobias Stoeckmann wrote:
> If a client sends a RecordUnregisterClients request with an nClients
> field larger than INT_MAX / 4, an integer overflow leads to an
> out of boundary access in RecordSanityCheckClientSpecifiers.
>
> An example line with libXtst would
If a client sends a RecordUnregisterClients request with an nClients
field larger than INT_MAX / 4, an integer overflow leads to an
out of boundary access in RecordSanityCheckClientSpecifiers.
An example line with libXtst would be:
XRecordUnregisterClients(dpy, rc, clients, 0x4001);
---