From 7dc1717ff0f96b99271a912b8948dfce5164d5ad Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date: Thu, 17 Jan 2008 15:28:03 +0100
Subject: [PATCH] Fix for CVE-2007-6428 - TOG-cup extension memory corruption.

---
 Xext/cup.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/Xext/cup.c b/Xext/cup.c
index d0e820c..fd1409e 100644
--- a/Xext/cup.c
+++ b/Xext/cup.c
@@ -176,6 +176,9 @@ int ProcGetReservedColormapEntries(
 
     REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);
 
+    if (stuff->screen >= screenInfo.numScreens)
+	return BadValue;
+
 #ifndef HAVE_SPECIAL_DESKTOP_COLORS
     citems[CUP_BLACK_PIXEL].pixel = 
 	screenInfo.screens[stuff->screen]->blackPixel;
-- 
1.5.3.6