Tree - rpms/libX11 - CentOS Git server

rpms / libX11

Files

Commit: 4c0e329812e19a8909fbaf0a22ac4fcdaf930a0a

Blob Blame History Raw

From dc2363d6c6aaf4d0ef94d4cc5f35d55688d83a84 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Thu, 13 Aug 2020 18:02:58 +0200
Subject: [PATCH] Fix an integer overflow in init_om()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2020-14363

This can lead to a double free later, as reported by Jayden Rivers.

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>

(cherry picked from commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d)
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
---
 modules/om/generic/omGeneric.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
index 61070ca3..725e0dc7 100644
--- a/modules/om/generic/omGeneric.c
+++ b/modules/om/generic/omGeneric.c
@@ -1920,7 +1920,8 @@ init_om(
     char **required_list;
     XOrientation *orientation;
     char **value, buf[BUFSIZ], *bufptr;
-    int count = 0, num = 0, length = 0;
+    int count = 0, num = 0;
+    unsigned int length = 0;
 
     _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
     if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)
-- 
2.28.0

rpms / libX11

Source Code

Files