Backport NULL check to avoid a crash

Resolves: https://issues.redhat.com/browse/RHEL-58298
2024-09-13 16:33:38 +02:00 · 2024-09-13 16:33:38 +02:00 · 8cd8488ac7
commit 8cd8488ac7
parent e9927e694f
2 changed files with 48 additions and 1 deletions
--- a/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
+++ b/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
@ -0,0 +1,40 @@
+From 623b77d4f30b47258a40f89262e5aa5d25e95fa7 Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg <bensberg@telfort.nl>
+Date: Mon, 14 Feb 2022 11:33:25 +0100
+Subject: [PATCH] imDefLkup: verify that a pointer isn't NULL before using it
+
+It is possible for _XimICOfXICID() to return NULL, so it is necessary
+to check this isn't actually the case before dereferencing the pointer.
+All other callers of _XimICOfXICID() do this check too.
+
+(The check itself is ugly, but it follows the style of the code in the
+rest of the module.)
+
+Fixes issue #45.
+
+Reported-by: Bhavi Dhingra
+
+Original-patch-by: Bhavi Dhingra
+
+Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>
+---
+ modules/im/ximcp/imDefLkup.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c
+index dea7f66d..dd1adf53 100644
+--- a/modules/im/ximcp/imDefLkup.c
+++ b/modules/im/ximcp/imDefLkup.c
+@@ -88,7 +88,8 @@ _XimSetEventMaskCallback(
+ 
+     if (imid == im->private.proto.imid) {
+ 	if (icid) {
+-	    ic = _XimICOfXICID(im, icid);
+	    if (!(ic = _XimICOfXICID(im, icid)))
+		return False;
+ 	    _XimProcICSetEventMask(ic, (XPointer)&buf_s[2]);
+ 	} else {
+ 	    _XimProcIMSetEventMask(im, (XPointer)&buf_s[2]);
+-- 
+2.46.0
+
--- a/libX11.spec
+++ b/libX11.spec
@ -5,7 +5,7 @@
 Summary: Core X11 protocol client library
 Name: libX11
 Version: 1.7.0
-Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
+Release: 10%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
 License: MIT
 URL: http://www.x.org

@ -33,6 +33,9 @@ Patch8: 0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
 # CVE-2023-43787
 Patch9: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch

+# https://issues.redhat.com/browse/RHEL-58298
+Patch10: 0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
+
 BuildRequires: make
 BuildRequires: xorg-x11-util-macros >= 1.11
 BuildRequires: pkgconfig(xproto) >= 7.0.15
@ -135,6 +138,10 @@ make %{?_smp_mflags} check
 %{_mandir}/man5/*.5*

 %changelog
+* Fri Sep 13 2024 José Expósito <jexposit@redhat.com> - 1.7.0-10
+- Backport NULL check to avoid a crash
+  Resolves: https://issues.redhat.com/browse/RHEL-58298
+
 * Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 1.7.0-9
 - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
 - Fix CVE-2023-43786: stack exhaustion from infinite recursion in