util: Changes to 'master'

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Sun Jun 9 16:44:34 UTC 2019


 ucs2any.c |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit c5d12b729b61576069f479a0b5141aedea04676b
Author: Tobias Stoeckmann <tobias at stoeckmann.org>
Date:   Wed Nov 8 21:36:32 2017 +0100

    ucs2any: Fix parser crash on 32 bit
    
    It is possible to crash ucs2any or provoke successful return value even
    though the processing was not successful.
    
    The problem lies within a possible integer overflow when adding elements
    with a key which is too large.
    
    You can trigger the issue this way on a 32 bit system:
    
    $ cat > source.bdf << "EOF"
    STARTFONT source
    CHARS 1
    ENCODING 1073741823
    EOF
    $ ucs2any source.bdf
    Segmentation fault
    $ _
    
    Another possibility would be to add "ENCODING 1" right after the CHARS
    line. In that case, realloc will allocate 0 bytes afterwards which is a
    success but might return NULL, e.g. on Linux/glibc systems. Such a
    result value is handled as an error and errno is evaluated and returned,
    even though there was no error:
    
    $ cat > source.bdf << "EOF"
    STARTFONT source
    CHARS 1
    ENCODING 1
    ENCODING 1073741823
    EOF
    $ ucs2any source.bdf
    ucs2any: Success
    $ echo $?
    0
    $ _
    
    Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
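
The wraparound behind both reproducers above, as an added example rather than code from ucs2any.c or from this commit: it assumes a 32-bit size_t (modelled with uint32_t so it behaves the same on any host) and 4-byte table slots, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: each table slot is a 4-byte pointer, as on a 32-bit system. */
#define SLOT_SIZE 4u

/* Unchecked byte count for a table that must hold index `key`:
 * (key + 1) * SLOT_SIZE, computed in 32-bit arithmetic (wraps modulo 2^32). */
uint32_t unchecked_bytes32(uint32_t key)
{
    return (key + 1u) * SLOT_SIZE;
}

/* Checked variant: returns 0 and stores the byte count in *out, or returns -1
 * (leaving *out untouched) when the key is negative or the count would wrap. */
int checked_bytes32(int64_t key, uint32_t *out)
{
    if (key < 0 || key >= (int64_t)(UINT32_MAX / SLOT_SIZE))
        return -1;
    *out = ((uint32_t)key + 1u) * SLOT_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the key from the commit message's reproducers,
     * the largest key that still fits, a small key and a negative key. */
    const int64_t keys[] = { 1073741823, 1073741822, 1, -1 };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        uint32_t bytes = 0;
        int rc = checked_bytes32(keys[i], &bytes);
        if (keys[i] >= 0)
            printf("key %lld: unchecked size %lu bytes, ", (long long)keys[i],
                   (unsigned long)unchecked_bytes32((uint32_t)keys[i]));
        else
            printf("key %lld: ", (long long)keys[i]);
        if (rc == 0)
            printf("checked size %lu bytes\n", (unsigned long)bytes);
        else
            printf("rejected by the check\n");
    }
    return 0;
}
```

For key 1073741823 the unchecked size is 0 bytes, which is the zero-byte realloc request the commit message describes.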
