From 0ab0f870694adbca389833d62e4514b92c13e8bc Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Sat, 5 Apr 2014 11:56:01 -0400
Subject: Fix CVE-2013-4396 (2013-10-08). The fix is included in upstream
 xserver 1.14.4 .

---
 xorg-server/dix/dixfonts.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'xorg-server')

diff --git a/xorg-server/dix/dixfonts.c b/xorg-server/dix/dixfonts.c
index 22c236553..dd7700860 100644
--- a/xorg-server/dix/dixfonts.c
+++ b/xorg-server/dix/dixfonts.c
@@ -1459,6 +1459,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
             GC *pGC;
             unsigned char *data;
             ITclosurePtr new_closure;
+            ITclosurePtr old_closure;
 
             /* We're putting the client to sleep.  We need to
                save some state.  Similar problem to that handled
@@ -1470,12 +1471,14 @@ doImageText(ClientPtr client, ITclosurePtr c)
                 err = BadAlloc;
                 goto bail;
             }
+            old_closure = c;
             *new_closure = *c;
             c = new_closure;
 
             data = malloc(c->nChars * itemSize);
             if (!data) {
                 free(c);
+                c = old_closure;
                 err = BadAlloc;
                 goto bail;
             }
@@ -1486,6 +1489,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
             if (!pGC) {
                 free(c->data);
                 free(c);
+                c = old_closure;
                 err = BadAlloc;
                 goto bail;
             }
@@ -1498,6 +1502,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
                 FreeScratchGC(pGC);
                 free(c->data);
                 free(c);
+                c = old_closure;
                 err = BadAlloc;
                 goto bail;
             }
-- 
cgit v1.2.3