From c099d0105f7a4f969cf922f333cb54c177aceacb Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 18 May 2024 11:41:36 -0700
Subject: [PATCH] Avoid buffer overflow in _XimLookupMBText &
 _XimLookupUTF8Text

Reported-by: u32i <u32i@proton.me>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/251>
---
 src/imConv.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/imConv.c b/src/imConv.c
index 48bc7900..5a5b83dc 100644
--- a/src/imConv.c
+++ b/src/imConv.c
@@ -177,6 +177,8 @@ _XimLookupMBText(
     if ((nbytes == 0) || (symbol == NoSymbol)) return count;
 
     if (count > 1) {
+	if ((unsigned)count >= sizeof(look))
+	    return 0;
 	memcpy(look, (char *)buffer,count);
 	look[count] = '\0';
 	if ((count = im->methods->ctstombs(ic->core.im,
@@ -320,6 +322,8 @@ _XimLookupUTF8Text(
     if ((nbytes == 0) || (symbol == NoSymbol)) return count;
 
     if (count > 1) {
+	if ((unsigned)count >= sizeof(look))
+	    return 0;
 	memcpy(look, (char *)buffer,count);
 	look[count] = '\0';
 	if ((count = im->methods->ctstoutf8(ic->core.im,