37 lines
1.0 KiB
Diff
37 lines
1.0 KiB
Diff
From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001
|
|
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Date: Sat, 29 Apr 2023 18:30:34 -0700
|
|
Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted
|
|
colormap
|
|
|
|
Found with clang's libfuzzer
|
|
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
---
|
|
lib/Xm/Xpmdata.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/lib/Xm/Xpmdata.c b/lib/Xm/Xpmdata.c
|
|
index 0b0f1f3..6e87455 100644
|
|
--- a/lib/Xm/Xpmdata.c
|
|
+++ b/lib/Xm/Xpmdata.c
|
|
@@ -259,13 +259,13 @@ xpmNextWord(
|
|
int c;
|
|
|
|
if (!mdata->type || mdata->type == XPMBUFFER) {
|
|
- while (isspace(c = *mdata->cptr) && c != mdata->Eos)
|
|
+ while ((c = *mdata->cptr) && isspace(c) && (c != mdata->Eos))
|
|
mdata->cptr++;
|
|
do {
|
|
c = *mdata->cptr++;
|
|
*buf++ = c;
|
|
n++;
|
|
- } while (!isspace(c) && c != mdata->Eos && n < buflen);
|
|
+ } while (c && !isspace(c) && (c != mdata->Eos) && (n < buflen));
|
|
n--;
|
|
mdata->cptr--;
|
|
} else {
|
|
--
|
|
2.41.0
|
|
|