[PATCH libXpm] Fix out out boundary read on unknown colors
Matthieu Herrb
matthieu at herrb.eu
Tue Dec 6 21:42:39 UTC 2016
On Tue, Dec 06, 2016 at 10:31:53PM +0100, Matthieu Herrb wrote:
This is from https://bugs.freedesktop.org/show_bug.cgi?id=98877
> From: Tobias Stoeckmann <tobias at stoeckmann.org>
>
> libXpm is vulnerable to an out of boundary read if an XPM file contains
> a color with a symbolic name but without any default color value.
>
> A caller must set XpmColorSymbols and a color with a NULL name in
> the supplied XpmAttributes to XpmReadFileToImage (or other functions of
> this type) in order to trigger this issue.
> ---
> src/create.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/create.c b/src/create.c
> index d013da9..a750846 100644
> --- a/src/create.c
> +++ b/src/create.c
> @@ -647,7 +647,8 @@ CreateColors(
> while (def_index <= 5 && defaults[def_index] == NULL)
> ++def_index;
> }
> - if (def_index >= 2 && defaults[def_index] != NULL &&
> + if (def_index >= 2 && def_index <= 5 &&
> + defaults[def_index] != NULL &&
> !xpmstrcasecmp(symbol->value, defaults[def_index]))
> break;
> }
> --
> 2.10.2
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: https://lists.x.org/mailman/listinfo/xorg-devel
--
Matthieu Herrb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 793 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20161206/a40d2f2e/attachment.sig>
More information about the xorg-devel
mailing list