On Tue, Dec 06, 2016 at 10:31:53PM +0100, Matthieu Herrb wrote: This is from https://bugs.freedesktop.org/show_bug.cgi?id=98877
> From: Tobias Stoeckmann <tob...@stoeckmann.org> > > libXpm is vulnerable to an out of boundary read if an XPM file contains > a color with a symbolic name but without any default color value. > > A caller must set XpmColorSymbols and a color with a NULL name in > the supplied XpmAttributes to XpmReadFileToImage (or other functions of > this type) in order to trigger this issue. > --- > src/create.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/src/create.c b/src/create.c > index d013da9..a750846 100644 > --- a/src/create.c > +++ b/src/create.c > @@ -647,7 +647,8 @@ CreateColors( > while (def_index <= 5 && defaults[def_index] == NULL) > ++def_index; > } > - if (def_index >= 2 && defaults[def_index] != NULL && > + if (def_index >= 2 && def_index <= 5 && > + defaults[def_index] != NULL && > !xpmstrcasecmp(symbol->value, defaults[def_index])) > break; > } > -- > 2.10.2 > > _______________________________________________ > xorg-devel@lists.x.org: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: https://lists.x.org/mailman/listinfo/xorg-devel -- Matthieu Herrb
signature.asc
Description: PGP signature
_______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel