Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libXfont
u_0008-CVE-2014-0211-integer-overflow-in-fs_all...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File u_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch of Package libXfont
From df45b2104dca6457eece772fe6171c9215ca5a09 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Fri, 25 Apr 2014 23:02:54 -0700 Subject: [PATCH:libXfont 08/12] CVE-2014-XXXC: integer overflow in fs_alloc_glyphs() fs_alloc_glyphs() is a malloc wrapper used by the font code. It contains a classic integer overflow in the malloc() call, which can cause memory corruption. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> --- src/fc/fsconvert.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/fc/fsconvert.c b/src/fc/fsconvert.c index dfa1317..18b0c0d 100644 --- a/src/fc/fsconvert.c +++ b/src/fc/fsconvert.c @@ -721,7 +721,12 @@ fs_alloc_glyphs (FontPtr pFont, int size) FSGlyphPtr glyphs; FSFontPtr fsfont = (FSFontPtr) pFont->fontPrivate; - glyphs = malloc (sizeof (FSGlyphRec) + size); + if (size < (INT_MAX - sizeof (FSGlyphRec))) + glyphs = malloc (sizeof (FSGlyphRec) + size); + else + glyphs = NULL; + if (glyphs == NULL) + return NULL; glyphs->next = fsfont->glyphs; fsfont->glyphs = glyphs; return (pointer) (glyphs + 1); -- 1.7.9.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor