diff options
| author | Thomas Klausner <wiz@NetBSD.org> | 2013-06-25 22:35:29 +0200 |
|---|---|---|
| committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-19 21:40:27 +0200 |
| commit | 39c6e5aa859c633fcb48e299643bb0189f333a0d (patch) | |
| tree | 32e38227c9f0ef7ae5708879f94152bf1a44de18 /nx-X11/lib/X11/GetFPath.c | |
| parent | ac3d26251f8de17839dbdada457ffcd670338d0a (diff) | |
| download | nx-libs-39c6e5aa859c633fcb48e299643bb0189f333a0d.tar.gz nx-libs-39c6e5aa859c633fcb48e299643bb0189f333a0d.tar.bz2 nx-libs-39c6e5aa859c633fcb48e299643bb0189f333a0d.zip | |
Tighten out-of-range comparisons.
[For all of these, LONG_MAX was the correct value to prevent overflows
for the recent CVEs. Lowering to INT_MAX catches buggy replies from
the server that 32-bit clients would reject but 64-bit would accept,
so we catch bugs sooner, and really, no sane & working server should
ever report more than 2gb of extension names, font path entries,
key modifier maps, etc. -alan- ]
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nx-X11/lib/X11/GetFPath.c')
| -rw-r--r-- | nx-X11/lib/X11/GetFPath.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nx-X11/lib/X11/GetFPath.c b/nx-X11/lib/X11/GetFPath.c index abd4a5dbd..8f8c6144a 100644 --- a/nx-X11/lib/X11/GetFPath.c +++ b/nx-X11/lib/X11/GetFPath.c @@ -50,7 +50,7 @@ char **XGetFontPath( if (rep.nPaths) { flist = Xmalloc(rep.nPaths * sizeof (char *)); - if (rep.length < (LONG_MAX >> 2)) { + if (rep.length < (INT_MAX >> 2)) { nbytes = (unsigned long) rep.length << 2; ch = Xmalloc (nbytes + 1); /* +1 to leave room for last null-terminator */ |