aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/lib/src/ChGC.c
diff options
context:
space:
mode:
authorUlrich Sibiller <uli42@gmx.de>2019-06-19 23:10:40 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2019-06-22 11:30:41 +0200
commit234be0245324b01676aff764b756248f4e57b45d (patch)
tree601f9c484c658cd1242a9c439dcad028011883ad /nx-X11/lib/src/ChGC.c
parent8205db4254b4dfba3ecc0cd800e334bdf430b3e3 (diff)
downloadnx-libs-234be0245324b01676aff764b756248f4e57b45d.tar.gz
nx-libs-234be0245324b01676aff764b756248f4e57b45d.tar.bz2
nx-libs-234be0245324b01676aff764b756248f4e57b45d.zip
glyph.c: fix a read beyond end of heap buffer
If compiled with -fsanitize=address this showed up when running startlxde: ==11551==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d000018fbc at pc 0x7f270a9ed57b bp 0x7fff30ef3050 sp 0x7fff30ef2800 READ of size 204 at 0x60d000018fbc thread T0 #0 0x7f270a9ed57a (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xb857a) #1 0x559dafcd5c93 in FindGlyphRef ../../render/glyph.c:179 #2 0x559dafcd705d in AddGlyph /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c:71 #3 0x559dafccc0ff in ProcRenderAddGlyphs ../../mi/../render/render.c:1186 #4 0x559dafcbd5a5 in ProcRenderDispatch /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXrender.c:1689 #5 0x559dafcbc4ea in Dispatch /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c:476 #6 0x559dafc4e9b0 in main /work/nx-libs/nx-X11/programs/Xserver/dix/main.c:353 #7 0x7f2708e1d09a in __libc_start_main ../csu/libc-start.c:308 #8 0x559dafc4f5d9 in _start (/work/nx-libs/nx-X11/programs/Xserver/nxagent+0x6e5d9) 0x60d000018fbc is located 0 bytes to the right of 140-byte region [0x60d000018f30,0x60d000018fbc) allocated by thread T0 here: #0 0x7f270aa1e330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330) #1 0x559dafcd646c in AllocateGlyph ../../render/glyph.c:348 This happens when two glyphs are compared via memcmp and the smaller one happens to be identical to the beginning of the bigger one. Newer render implementations use a sha1 hash instead of memcmp so this patch will (hopefully) be obsolete once render gets updated.
Diffstat (limited to 'nx-X11/lib/src/ChGC.c')
0 files changed, 0 insertions, 0 deletions