author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-05-16 23:05:36 -0700 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-19 21:40:27 +0200 |
commit | 71fb99cb433d657bd9f4898a93a6ba4733c7093e (patch) | |
tree | 16718f1a326b71ccfaf13bb95c3e41f1523e1dbe | |
parent | 78ed233308babdeb428d9292f7e40e438e9b2efd (diff) | |
Free fs->properties in XF86BigfontQueryFont overflow error path
Fixes small memory leak introduced in commit 5669a22081
Reported-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Hint: Upstream commit 5669a22081 is "integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]"
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
-rw-r--r-- | nx-X11/lib/X11/Font.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nx-X11/lib/X11/Font.c b/nx-X11/lib/X11/Font.c index c0efb3f45..7943ba7a1 100644 --- a/nx-X11/lib/X11/Font.c +++ b/nx-X11/lib/X11/Font.c @@ -508,6 +508,7 @@ _XF86BigfontQueryFont ( any real font needs, so the combined total doesn't overflow either */ if (reply.nUniqCharInfos > ((ULONG_MAX / 2) / SIZEOF(xCharInfo)) || reply.nCharInfos > ((ULONG_MAX / 2) / sizeof(CARD16))) { + Xfree((char *) fs->properties); Xfree((char *) fs); _XEatDataWords(dpy, reply_left); return (XFontStruct *)NULL; |
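Review bot: in the overflow branch guarded by the `reply.nUniqCharInfos` / `reply.nCharInfos` check, the cleanup is still written out inline as `Xfree((char *) fs->properties); Xfree((char *) fs); _XEatDataWords(dpy, reply_left);`, and the commit message notes that this is the pattern that let the leak in when the check was first added. Consider routing this branch through one shared cleanup path for the function, so that everything hanging off `fs` is released in a single place and a later allocation cannot be missed here again. The added `Xfree` also relies on `fs->properties` being either a valid allocation or NULL by the time this check runs; the hunk does not show where it is assigned, so a short comment stating that invariant would make the error path easier to audit. The ordering, releasing `fs->properties` before `fs` itself, is correct.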