| From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001 |
| From: Matthieu Herrb <matthieu@herrb.eu> |
| Date: Thu, 13 Aug 2020 18:02:58 +0200 |
| Subject: [PATCH] Fix an integer overflow in init_om() |
| |
| CVE-2020-14363 |
| |
| This can lead to a double free later, as reported by Jayden Rivers. |
| |
| Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> |
| |
| Upstream-Status: Backport |
| [https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d] |
| CVE: CVE-2020-14363 |
| Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> |
| --- |
| modules/om/generic/omGeneric.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c |
| index c44acb88..406cec93 100644 |
| --- a/modules/om/generic/omGeneric.c |
| +++ b/modules/om/generic/omGeneric.c |
| @@ -1908,7 +1908,8 @@ init_om( |
| char **required_list; |
| XOrientation *orientation; |
| char **value, buf[BUFSIZ], *bufptr; |
| - int count = 0, num = 0, length = 0; |
| + int count = 0, num = 0; |
| + unsigned int length = 0; |
| |
| _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count); |
| if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0) |
| -- |
| GitLab |
| |