Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
libXpm.30890
U_0007-Avoid-CVE-2023-43787-integer-overflow-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch of Package libXpm.30890
From 3bc3d486bcdb1d95bcb0ebc7d6fe5a18dc4eee95 Mon Sep 17 00:00:00 2001 From: Yair Mizrahi <yairm@jfrog.com> Date: Thu, 7 Sep 2023 16:59:07 -0700 Subject: [PATCH libXpm 7/7] Avoid CVE-2023-43787 (integer overflow in XCreateImage) This doesn't fix the CVE - that has to happen in libX11, this just tries to avoid triggering it from libXpm, and saves time in not pretending we can successfully create an X Image for which the width * depth would overflow the signed int used to store the bytes_per_line value. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- src/create.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/create.c b/src/create.c index ec562b2..b8c80d2 100644 --- a/src/create.c +++ b/src/create.c @@ -997,6 +997,11 @@ CreateXImage( *image_return = NULL; return XpmNoMemory; } + if (width != 0 && (*image_return)->bits_per_pixel >= INT_MAX / width) { + XDestroyImage(*image_return); + *image_return = NULL; + return XpmNoMemory; + } /* now that bytes_per_line must have been set properly alloc data */ if((*image_return)->bytes_per_line == 0 || height == 0) { XDestroyImage(*image_return); -- 2.39.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor