aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch
blob: 162bb218bf7f53a927a8381e3609aea437f91745 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
From af55da1e9c1a6a352b24823a8f7062c288ffbbc0 Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Sun, 8 Feb 2015 19:15:20 -0500
Subject: [PATCH 01/40] LZW decompress: fix for CVE-2011-2895 From
 xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0

    Specially crafted LZW stream can crash an application using libXfont
    that is used to open untrusted font files.  With X server, this may
    allow privilege escalation when exploited
---
 nx-X11/lib/font/fontfile/decompress.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c
index a4c5468..553b315 100644
--- a/nx-X11/lib/font/fontfile/decompress.c
+++ b/nx-X11/lib/font/fontfile/decompress.c
@@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
      	 */
     	while ( code >= 256 )
     	{
+	    if (stackp - de_stack >= STACK_SIZE - 1)
+		return BUFFILEEOF;
 	    *stackp++ = file->tab_suffix[code];
 	    code = file->tab_prefix[code];
     	}
-- 
2.1.4