aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-05-16 23:05:36 -0700
committerUlrich Sibiller <uli42@gmx.de>2016-10-19 21:40:27 +0200
commit71fb99cb433d657bd9f4898a93a6ba4733c7093e (patch)
tree16718f1a326b71ccfaf13bb95c3e41f1523e1dbe
parent78ed233308babdeb428d9292f7e40e438e9b2efd (diff)
downloadnx-libs-71fb99cb433d657bd9f4898a93a6ba4733c7093e.tar.gz
nx-libs-71fb99cb433d657bd9f4898a93a6ba4733c7093e.tar.bz2
nx-libs-71fb99cb433d657bd9f4898a93a6ba4733c7093e.zip
Free fs->properties in XF86BigfontQueryFont overflow error path
Fixes small memory leak introduced in commit 5669a22081 Reported-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Hint: Upstream commit 5669a22081 is "integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]" Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
-rw-r--r--nx-X11/lib/X11/Font.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/nx-X11/lib/X11/Font.c b/nx-X11/lib/X11/Font.c
index c0efb3f45..7943ba7a1 100644
--- a/nx-X11/lib/X11/Font.c
+++ b/nx-X11/lib/X11/Font.c
@@ -508,6 +508,7 @@ _XF86BigfontQueryFont (
any real font needs, so the combined total doesn't overflow either */
if (reply.nUniqCharInfos > ((ULONG_MAX / 2) / SIZEOF(xCharInfo)) ||
reply.nCharInfos > ((ULONG_MAX / 2) / sizeof(CARD16))) {
+ Xfree((char *) fs->properties);
Xfree((char *) fs);
_XEatDataWords(dpy, reply_left);
return (XFontStruct *)NULL;