File U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in... of Package libXpm

Overview Repositories Revisions Requests Users Attributes Meta

File U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch of Package libXpm

From 2fa554b01ef6079a9b35df9332bdc4f139ed67e0 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 29 Apr 2023 17:50:39 -0700
Subject: [PATCH libXpm 1/7] Fix CVE-2023-43788: Out of bounds read in
 XpmCreateXpmImageFromBuffer

When the test case for CVE-2022-46285 was run with the Address Sanitizer
enabled, it found an out-of-bounds read in ParseComment() when reading
from a memory buffer instead of a file, as it continued to look for the
closing comment marker past the end of the buffer.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 src/data.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/data.c b/src/data.c
index 7524e65..0b0f1f3 100644
--- a/src/data.c
+++ b/src/data.c
@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
 		n++;
 		s2++;
 	    } while (c == *s2 && *s2 != '\0' && c);
-	    if (*s2 == '\0') {
+	    if (*s2 == '\0' || c == '\0') {
 		/* this is the end of the comment */
 		notend = 0;
 		data->cptr--;
-- 
2.39.3

Places

File U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch of Package libXpm

Places