Diffstat (limited to 'debian/patches/1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch')
-rw-r--r-- | debian/patches/1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/debian/patches/1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch b/debian/patches/1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch
deleted file mode 100644
index d6d460b9a..000000000
--- a/debian/patches/1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From a0bed4d9fce8ffc96f13ca13b95d2a7913d20719 Mon Sep 17 00:00:00 2001
-From: Mike DePaulo <mikedep333@gmail.com>
-Date: Sun, 8 Feb 2015 22:23:51 -0500
-Subject: [PATCH 13/40] CVE-2014-0211: integer overflow in fs_alloc_glyphs()
- from xorg/lib/libXfont commit a42f707f8a62973f5e8bbcd08afb10a79e9cee33
-
-fs_alloc_glyphs() is a malloc wrapper used by the font code.
-It contains a classic integer overflow in the malloc() call,
-which can cause memory corruption.
----
- nx-X11/lib/font/fc/fsconvert.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
---- a/nx-X11/lib/font/fc/fsconvert.c
-+++ b/nx-X11/lib/font/fc/fsconvert.c
-@@ -762,7 +762,12 @@ fs_alloc_glyphs (FontPtr pFont, int size
- FSGlyphPtr glyphs;
- FSFontPtr fsfont = (FSFontPtr) pFont->fontPrivate;
-
-- glyphs = xalloc (sizeof (FSGlyphRec) + size);
-+ if (size < (INT_MAX - sizeof (FSGlyphRec)))
-+ glyphs = xalloc (sizeof (FSGlyphRec) + size);
-+ else
-+ glyphs = NULL;
-+ if (glyphs == NULL)
-+ return NULL;
- glyphs->next = fsfont->glyphs;
- fsfont->glyphs = glyphs;
- return (pointer) (glyphs + 1); |