|
 |
fe4c4e |
From 2c67fab8415a1d32395de87f056bc5f3b37fedb0 Mon Sep 17 00:00:00 2001
|
|
|
fe4c4e |
From: Matthieu Herrb <matthieu@herrb.eu>
|
|
|
fe4c4e |
Date: Thu, 13 Aug 2020 18:02:58 +0200
|
|
|
fe4c4e |
Subject: [PATCH] Fix an integer overflow in init_om()
|
|
|
fe4c4e |
MIME-Version: 1.0
|
|
|
fe4c4e |
Content-Type: text/plain; charset=UTF-8
|
|
|
fe4c4e |
Content-Transfer-Encoding: 8bit
|
|
|
fe4c4e |
|
|
|
fe4c4e |
CVE-2020-14363
|
|
|
fe4c4e |
|
|
|
fe4c4e |
This can lead to a double free later, as reported by Jayden Rivers.
|
|
|
fe4c4e |
|
|
|
fe4c4e |
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
|
fe4c4e |
|
|
|
fe4c4e |
(cherry picked from commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d)
|
|
|
fe4c4e |
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
|
|
|
fe4c4e |
---
|
|
|
fe4c4e |
modules/om/generic/omGeneric.c | 3 ++-
|
|
|
fe4c4e |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
fe4c4e |
|
|
|
fe4c4e |
diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
|
|
|
fe4c4e |
index 22f826ec..bcfb9ab8 100644
|
|
|
fe4c4e |
--- a/modules/om/generic/omGeneric.c
|
|
|
fe4c4e |
+++ b/modules/om/generic/omGeneric.c
|
|
|
fe4c4e |
@@ -1908,7 +1908,8 @@ init_om(
|
|
|
fe4c4e |
char **required_list;
|
|
|
fe4c4e |
XOrientation *orientation;
|
|
|
fe4c4e |
char **value, buf[BUFSIZ], *bufptr;
|
|
|
fe4c4e |
- int count = 0, num = 0, length = 0;
|
|
|
fe4c4e |
+ int count = 0, num = 0;
|
|
|
fe4c4e |
+ unsigned int length = 0;
|
|
|
fe4c4e |
|
|
|
fe4c4e |
_XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
|
|
|
fe4c4e |
if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
|
|
|
fe4c4e |
--
|
|
|
fe4c4e |
2.28.0
|
|
|
fe4c4e |
|