File U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch of Package libXpm
From edb97396620f019f8d2e707ad3fbaf6bbbd5ed36 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Tue, 5 Sep 2023 17:01:58 -0700 Subject: [PATCH libXpm 4/7] test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage) Provided by Yair Mizrahi of the JFrog Vulnerability Research team Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- test/pixmaps/README.md | 13 + .../other/overflow-stackexhaustion.xpm | 277 ++++++++++++++++++ 2 files changed, 290 insertions(+) create mode 100644 test/pixmaps/other/overflow-stackexhaustion.xpm Index: libXpm-3.5.12/test/pixmaps/README.md =================================================================== --- libXpm-3.5.12.orig/test/pixmaps/README.md +++ libXpm-3.5.12/test/pixmaps/README.md @@ -63,3 +63,16 @@ return XpmNoMemory when parsed. - oversize.xpm - This file specifies more pixels than can be mapped in a 64-bit address space that already has programs & libraries mapped in. + +other +----- + +Those under the `other` subdirectory don't fit cleanly in any of the above +categories, and may be valid for some uses but not others, and thus can't be +easily used in the current test framework, but are still interesting cases. + +- overflow-stackexhaustion.xpm - This file was provided by Yair Mizrahi of + the JFrog Vulnerability Research team as a test for CVE-2023-43786. + It is a valid XPM file, but is larger than fits into an X Pixmap, so + should pass with many functions, but fail when used with sxpm or + anything that calls through to xpmCreatePixmapFromImage(). Index: libXpm-3.5.12/test/pixmaps/other/overflow-stackexhaustion.xpm =================================================================== --- /dev/null +++ libXpm-3.5.12/test/pixmaps/other/overflow-stackexhaustion.xpm 
@@ -0,0 +1,277 @@ +/* XPM */ +/* + * Copyright (c) 1993, 1995, Oracle and/or its affiliates. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ +static char * Dimple_pm[] = { +/* width height ncolors cpp [x_hot y_hot] */ +"000000090000 1 247 1 1 1", +/* colors */ +" s background m black c #ffffffffffff", +". 
s topShadowColor m white c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s 
bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s 
bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s 
bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s 
bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s 
bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s 
bottomShadowColor m black c #ffffffffffff", +" + s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"} s bottomShadowColor m black c #ffffffffffff", +"; s bottomShadowColor m black c #ffffffffffff", +". s bottomShadowColor m black c #ffffffffffff", +/* pixels */ +" };
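Review bot: in the new `other` section of test/pixmaps/README.md, the entry for overflow-stackexhaustion.xpm says the file should "fail when used with sxpm or anything that calls through to xpmCreatePixmapFromImage()" but does not say what kind of failure is expected. The commit subject describes CVE-2023-43786 as stack exhaustion in PutImage, so the entry should state the outcome a tester should see on a fixed library (for example, whether an error return is expected) so that a pass can be told apart from a regression. The same section says these files "can't be easily used in the current test framework", which means nothing in this patch runs the file automatically; a sentence on how to exercise it by hand would help.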
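Review bot: in test/pixmaps/other/overflow-stackexhaustion.xpm, the values string "000000090000 1 247 1 1 1" has no comment saying which field makes this file a test for the CVE. The README describes the image as larger than fits into an X Pixmap; a one-line comment beside the values line tying that to the zero-padded width with a height of 1 would make the file self-documenting. The colour table also repeats the same "X s bottomShadowColor m black c #ffffffffffff" entry many times, so a comment that the duplicate keys are deliberate would keep a later cleanup from removing them. Separately, the file carries an Oracle copyright header dated 1993, 1995 while the README credits Yair Mizrahi of the JFrog Vulnerability Research team as the provider; it is worth confirming the header matches the file's provenance.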