aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch
diff options
context:
space:
mode:
authorMihai Moldovan <ionic@ionic.de>2017-12-15 12:55:17 +0100
committerMihai Moldovan <ionic@ionic.de>2017-12-15 12:55:17 +0100
commit1dad092caf01d733990648e6df64cbf964df5143 (patch)
tree39de0e643e76754a3e23ca9dd0350b8ba4f76250 /debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch
parent6d70b9e3c47f27a166f4aacb522c5c1e49092dd9 (diff)
parent2b9025f797ee322e21077e100c2ee27c2e7fa0e0 (diff)
downloadnx-libs-1dad092caf01d733990648e6df64cbf964df5143.tar.gz
nx-libs-1dad092caf01d733990648e6df64cbf964df5143.tar.bz2
nx-libs-1dad092caf01d733990648e6df64cbf964df5143.zip
Merge branch '3.6.x'
Diffstat (limited to 'debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch')
-rw-r--r--debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch43
1 files changed, 0 insertions, 43 deletions
diff --git a/debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch b/debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch
deleted file mode 100644
index be0dded23..000000000
--- a/debian/patches/1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From bb7abd9da9badc6cb825c636867cbef827141f36 Mon Sep 17 00:00:00 2001
-From: Mike DePaulo <mikedep333@gmail.com>
-Date: Sun, 8 Feb 2015 22:19:01 -0500
-Subject: [PATCH 12/40] CVE-2014-0211: integer overflow in
- fs_read_extent_info() from xorg/lib/libXfont commit
- c578408c1fd4db09e4e3173f8a9e65c81cc187c1
-
-fs_read_extent_info() parses a reply from the font server.
-The reply contains a 32bit number of elements field which is used
-to calculate a buffer length. There is an integer overflow in this
-calculation which can lead to memory corruption.
----
- nx-X11/lib/font/fc/fserve.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/nx-X11/lib/font/fc/fserve.c
-+++ b/nx-X11/lib/font/fc/fserve.c
-@@ -73,6 +73,7 @@ in this Software without prior written a
- #include "fservestr.h"
- #include <X11/fonts/fontutil.h>
- #include <errno.h>
-+#include <limits.h>
-
- #include <time.h>
- #define Time_t time_t
-@@ -1061,7 +1062,16 @@ fs_read_extent_info(FontPathElementPtr f
- numInfos *= 2;
- haveInk = TRUE;
- }
-- ci = pCI = (CharInfoPtr) xalloc(sizeof(CharInfoRec) * numInfos);
-+ if (numInfos >= (INT_MAX / sizeof(CharInfoRec))) {
-+#ifdef DEBUG
-+ fprintf(stderr,
-+ "fsQueryXExtents16: numInfos (%d) >= %ld\n",
-+ numInfos, (INT_MAX / sizeof(CharInfoRec)));
-+#endif
-+ pCI = NULL;
-+ }
-+ else
-+ pCI = malloc(sizeof(CharInfoRec) * numInfos);
-
- if (!pCI)
- {