From bbde5b62a137ba726a747b838d81e92d72c1b42b Mon Sep 17 00:00:00 2001
From: Matthieu Herrb
Date: Thu, 17 Jan 2008 15:26:41 +0100
Subject: [PATCH] Fix for CVE-2008-0006 - server side part of fix
diff -up xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c.jx xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c
--- xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c.jx 2004-04-23 15:04:44.000000000 -0400
+++ xorg-x11-server/dix/dixfonts.c 2008-01-14 11:15:00.000000000 -0500
@@ -339,6 +339,13 @@ doOpenFont(ClientPtr client, OFclosurePt
 err = BadFontName;
 goto bail;
 }
+ /* check values for firstCol, lastCol, firstRow, and lastRow */
+ if (pfont->info.firstCol > pfont->info.lastCol ||
+ pfont->info.firstRow > pfont->info.lastRow ||
+ pfont->info.lastCol - pfont->info.firstCol > 255) {
+ err = AllocError;
+ goto bail;
+ }
 if (!pfont->fpe)
 pfont->fpe = fpe;
 pfont->refcnt++;
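Review bot: The new reject branch jumps to `bail` while `pfont` is still an opened font, and nothing in the hunk releases it. `bail` lies outside the hunk, so this is unconfirmed, but if it only reports the error, a font with inconsistent metrics may stay open after the request fails; the branch should close it before the jump. `AllocError` also reports a malformed font as memory exhaustion, which will mislead anyone triaging rejected fonts; `err = BadFontName;`, as the preceding branch uses, looks closer to the actual condition. The comment should say why the limits exist, e.g. `/* ranges come from the font file: reject inverted ranges and a column span wider than 256 before the font is referenced */`. doOpenFont starts and ends outside the hunk.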