aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/lib/Xxf86vm
diff options
context:
space:
mode:
authorMike DePaulo <mikedep333@gmail.com>2015-02-08 20:28:30 -0500
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2015-02-14 16:14:31 +0100
commitf53f2474d5d33cca04c4c7744ecc50cec41ba94f (patch)
treec579b648466bb320434ea70f03deab56c5446d14 /nx-X11/lib/Xxf86vm
parentac6694378e0ed4bdffa6e1318c9d4beda24a6b0e (diff)
downloadnx-libs-f53f2474d5d33cca04c4c7744ecc50cec41ba94f.tar.gz
nx-libs-f53f2474d5d33cca04c4c7744ecc50cec41ba94f.tar.bz2
nx-libs-f53f2474d5d33cca04c4c7744ecc50cec41ba94f.zip
CVE-2014-0209: integer overflow of realloc() size in FontFileAddEntry() from xorg/lib/libXfont commit 2f5e57317339c526e6eaee1010b0e2ab8089c42e
FontFileReadDirectory() opens a fonts.dir file, and reads over every line in an fscanf loop. For each successful entry read (font name, file name) a call is made to FontFileAddFontFile(). FontFileAddFontFile() will add a font file entry (for the font name and file) each time it’s called, by calling FontFileAddEntry(). FontFileAddEntry() will do the actual adding. If the table it has to add to is full, it will do a realloc, adding 100 more entries to the table size without checking to see if that will overflow the int used to store the size.
Diffstat (limited to 'nx-X11/lib/Xxf86vm')
0 files changed, 0 insertions, 0 deletions