LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0

Specially crafted LZW stream can crash an application using libXfont that is used to open untrusted font files. With X server, this may allow privilege escalation when exploited
author: Mike DePaulo <mikedep333@gmail.com> 2015-02-08 19:15:20 -0500
committer: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> 2015-02-14 16:14:31 +0100
commit: af55da1e9c1a6a352b24823a8f7062c288ffbbc0 (patch)
tree: c40bf03134cb49ce7b8aac584346e9c08c965ffb
parent: 902dc519d96be582088e5fe0644cefac7ecc0133 (diff)
download: nx-libs-af55da1e9c1a6a352b24823a8f7062c288ffbbc0.tar.gz
nx-libs-af55da1e9c1a6a352b24823a8f7062c288ffbbc0.tar.bz2
nx-libs-af55da1e9c1a6a352b24823a8f7062c288ffbbc0.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c
index a4c546871..553b31585 100644
--- a/nx-X11/lib/font/fontfile/decompress.c
+++ b/nx-X11/lib/font/fontfile/decompress.c
@@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
      	 */
     	while ( code >= 256 )
     	{
+	    if (stackp - de_stack >= STACK_SIZE - 1)
+		return BUFFILEEOF;
 	    *stackp++ = file->tab_suffix[code];
 	    code = file->tab_prefix[code];
     	}
author	Mike DePaulo <mikedep333@gmail.com>	2015-02-08 19:15:20 -0500
committer	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	2015-02-14 16:14:31 +0100
commit	af55da1e9c1a6a352b24823a8f7062c288ffbbc0 (patch)
tree	c40bf03134cb49ce7b8aac584346e9c08c965ffb
parent	902dc519d96be582088e5fe0644cefac7ecc0133 (diff)
download	nx-libs-af55da1e9c1a6a352b24823a8f7062c288ffbbc0.tar.gz nx-libs-af55da1e9c1a6a352b24823a8f7062c288ffbbc0.tar.bz2 nx-libs-af55da1e9c1a6a352b24823a8f7062c288ffbbc0.zip