diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-02-06 15:50:45 -0800 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2015-03-28 13:05:57 -0400 |
commit | e195099b83a23182925f20028de3e9ea4fe64845 (patch) | |
tree | af382d3b851a95e90e05a71649af56044ec784e2 /pthreads/ptw32_callUserDestroyRoutines.c | |
parent | 7e5f8b1f5a3cb6c7c9f784900f3b0b23215441bb (diff) | |
download | vcxsrv-e195099b83a23182925f20028de3e9ea4fe64845.tar.gz vcxsrv-e195099b83a23182925f20028de3e9ea4fe64845.tar.bz2 vcxsrv-e195099b83a23182925f20028de3e9ea4fe64845.zip |
bdfReadProperties: property count needs range check [CVE-2015-1802]
Avoid integer overflow or underflow when allocating memory arrays
by multiplying the number of properties reported for a BDF font.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e)
Diffstat (limited to 'pthreads/ptw32_callUserDestroyRoutines.c')
0 files changed, 0 insertions, 0 deletions