Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Step:15
libX11
U_004-FixSignedLengthValuesIn_XimGetAttributeID...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_004-FixSignedLengthValuesIn_XimGetAttributeID.patch of Package libX11
From: Todd Carson <tc@daybefore.net> The lengths are unsigned according to the specification. Passing negative values can lead to data corruption. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> --- modules/im/ximcp/imRmAttr.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) Index: libX11-1.6.5/modules/im/ximcp/imRmAttr.c =================================================================== --- libX11-1.6.5.orig/modules/im/ximcp/imRmAttr.c +++ libX11-1.6.5/modules/im/ximcp/imRmAttr.c @@ -1393,13 +1393,13 @@ _XimEncodeSavedICATTRIBUTE( static unsigned int _XimCountNumberOfAttr( - INT16 total, - CARD16 *attr, - int *names_len) + CARD16 total, + CARD16 *attr, + unsigned int *names_len) { unsigned int n; - INT16 len; - INT16 min_len = sizeof(CARD16) /* sizeof attribute ID */ + CARD16 len; + CARD16 min_len = sizeof(CARD16) /* sizeof attribute ID */ + sizeof(CARD16) /* sizeof type of value */ + sizeof(INT16); /* sizeof length of attribute */ @@ -1407,6 +1407,9 @@ _XimCountNumberOfAttr( *names_len = 0; while (total > min_len) { len = attr[2]; + if (len >= (total - min_len)) { + return 0; + } *names_len += (len + 1); len += (min_len + XIM_PAD(len + 2)); total -= len; @@ -1421,17 +1424,15 @@ _XimGetAttributeID( Xim im, CARD16 *buf) { - unsigned int n; + unsigned int n, names_len, values_len; XIMResourceList res; char *names; - int names_len; XPointer tmp; XIMValuesList *values_list; char **values; - int values_len; register int i; - INT16 len; - INT16 min_len = sizeof(CARD16) /* sizeof attribute ID */ + CARD16 len; + CARD16 min_len = sizeof(CARD16) /* sizeof attribute ID */ + sizeof(CARD16) /* sizeof type of value */ + sizeof(INT16); /* sizeof length of attr */ /*
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor