| From 57ad2c03730d56f8432b6d66b29c0e5a9f9b1ec2 Mon Sep 17 00:00:00 2001 |
| From: Jeremy Huddleston Sequoia <jeremyhu@apple.com> |
| Date: Sun, 4 Dec 2022 17:46:18 +0000 |
| Subject: [PATCH 3/3] xquartz: Fix a possible crash when editing the |
| Application menu due to mutaing immutable arrays |
| |
| Crashing on exception: -[__NSCFArray replaceObjectAtIndex:withObject:]: mutating method sent to immutable object |
| |
| Application Specific Backtrace 0: |
| 0 CoreFoundation 0x00007ff80d2c5e9b __exceptionPreprocess + 242 |
| 1 libobjc.A.dylib 0x00007ff80d027e48 objc_exception_throw + 48 |
| 2 CoreFoundation 0x00007ff80d38167b _CFThrowFormattedException + 194 |
| 3 CoreFoundation 0x00007ff80d382a25 -[__NSCFArray removeObjectAtIndex:].cold.1 + 0 |
| 4 CoreFoundation 0x00007ff80d2e6c0b -[__NSCFArray replaceObjectAtIndex:withObject:] + 119 |
| 5 X11.bin 0x00000001003180f9 -[X11Controller tableView:setObjectValue:forTableColumn:row:] + 169 |
| |
| Fixes: https://github.com/XQuartz/XQuartz/issues/267 |
| Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> |
| |
| Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3] |
| CVE: CVE-2022-3553 |
| Signed-off-by:Minjae Kim <flowergom@gmail.com> |
| |
| --- |
| hw/xquartz/X11Controller.m | 8 ++++++-- |
| 1 file changed, 6 insertions(+), 2 deletions(-) |
| |
| diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m |
| index 3efda50..9870ff2 100644 |
| --- a/hw/xquartz/X11Controller.m |
| +++ b/hw/xquartz/X11Controller.m |
| @@ -467,8 +467,12 @@ extern char *bundle_id_prefix; |
| self.table_apps = table_apps; |
| |
| NSArray * const apps = self.apps; |
| - if (apps != nil) |
| - [table_apps addObjectsFromArray:apps]; |
| + |
| + if (apps != nil) { |
| + for (NSArray <NSString *> * row in apps) { |
| + [table_apps addObject:row.mutableCopy]; |
| + } |
| + } |
| |
| columns = [apps_table tableColumns]; |
| [[columns objectAtIndex:0] setIdentifier:@"0"]; |
| -- |
| 2.17.1 |
| |