Backport NULL check to avoid a crash

Resolves: https://issues.redhat.com/browse/RHEL-58444
2024-09-13 16:40:30 +02:00 · 2024-09-13 16:40:30 +02:00 · 15a649f949
commit 15a649f949
parent 39ea10b841
2 changed files with 49 additions and 1 deletions
--- a/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
+++ b/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
@ -0,0 +1,40 @@
+From 623b77d4f30b47258a40f89262e5aa5d25e95fa7 Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg <bensberg@telfort.nl>
+Date: Mon, 14 Feb 2022 11:33:25 +0100
+Subject: [PATCH] imDefLkup: verify that a pointer isn't NULL before using it
+
+It is possible for _XimICOfXICID() to return NULL, so it is necessary
+to check this isn't actually the case before dereferencing the pointer.
+All other callers of _XimICOfXICID() do this check too.
+
+(The check itself is ugly, but it follows the style of the code in the
+rest of the module.)
+
+Fixes issue #45.
+
+Reported-by: Bhavi Dhingra
+
+Original-patch-by: Bhavi Dhingra
+
+Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>
+---
+ modules/im/ximcp/imDefLkup.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c
+index dea7f66d..dd1adf53 100644
+--- a/modules/im/ximcp/imDefLkup.c
+++ b/modules/im/ximcp/imDefLkup.c
+@@ -88,7 +88,8 @@ _XimSetEventMaskCallback(
+ 
+     if (imid == im->private.proto.imid) {
+ 	if (icid) {
+-	    ic = _XimICOfXICID(im, icid);
+	    if (!(ic = _XimICOfXICID(im, icid)))
+		return False;
+ 	    _XimProcICSetEventMask(ic, (XPointer)&buf_s[2]);
+ 	} else {
+ 	    _XimProcIMSetEventMask(im, (XPointer)&buf_s[2]);
+-- 
+2.46.0
+
--- a/libX11.spec
+++ b/libX11.spec
@ -5,7 +5,7 @@
 Summary: Core X11 protocol client library
 Name: libX11
 Version: 1.6.8
-Release: 8%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
+Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
 License: MIT
 Group: System Environment/Libraries
 URL: http://www.x.org
@ -42,6 +42,9 @@ Patch12: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
 # RHEL-23452
 Patch13: 0001-Avoid-recursing-through-_XError-due-to-sequence-adju.patch

+# https://issues.redhat.com/browse/RHEL-58444
+Patch14: 0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
+
 BuildRequires: xorg-x11-util-macros >= 1.11
 BuildRequires: pkgconfig(xproto) >= 7.0.15
 BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-4
@ -93,6 +96,7 @@ libX11/libxcb interoperability library
 %patch11 -p1 -b .xcreatepixmap-trigger-badvalue-error-for-out-of-rang
 %patch12 -p1 -b .cve-2023-43787
 %patch13 -p1 -b .rhel-23452
+%patch14 -p1 -b .rhel-58444

 %build
 autoreconf -v --install --force
@ -157,6 +161,10 @@ make %{?_smp_mflags} check
 %{_mandir}/man5/*.5*

 %changelog
+* Fri Sep 13 2024 José Expósito <jexposit@redhat.com> - 1.6.8-9
+- Backport NULL check to avoid a crash
+  Resolves: https://issues.redhat.com/browse/RHEL-58444
+
 * Tue Jan 30 2024 Olivier Fourdan <ofourdan@redhat.com> - 1.6.8-8
 - Backport fix for Xlib lockups due to recursive XError (RHEL-23452)