When `num_fields == 12`, if the last character of the pattern is '-',
the `buf` array is overrun.
This error has been found by a static analysis tool. This is the report:
Error: OVERRUN (CWE-119):
libX11-1.8.7/modules/om/generic/omGeneric.c:691: cond_at_most:
Checking "length > 255" implies that "length" may be up to 255 on
the false branch.
libX11-1.8.7/modules/om/generic/omGeneric.c:695: alias:
Assigning: "last" = "buf + length - 1". "last" may now point to as
high as byte 254 of "buf" (which consists of 256 bytes).
libX11-1.8.7/modules/om/generic/omGeneric.c:718: ptr_incr:
Incrementing "last". "last" may now point to as high as byte 255
of "buf" (which consists of 256 bytes).
libX11-1.8.7/modules/om/generic/omGeneric.c:720: ptr_incr:
Incrementing "last". "last" may now point to as high as byte 256
of "buf" (which consists of 256 bytes).
libX11-1.8.7/modules/om/generic/omGeneric.c:720: overrun-local:
Overrunning array of 256 bytes at byte offset 256 by
dereferencing pointer "++last".
# 718| *++last = '*';
# 719|
# 720|-> *++last = '-';
# 721| break;
# 722| case 13:
Signed-off-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/250>
You can save a bit of code. The is no need to check XFree arguments bring free_fontdataOM in line with other free function and check for NULL arg
Signed-off-by: harms wharms@bfs.de
Incorrect parameter usage with sizeof. Earlier passed argument FontData
will be 4 bytes always as its a pointer hence the change is needed and
FontDataRec should be used for memset.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
See http://sourceware.org/bugzilla/show_bug.cgi?id=10948
Currently, if the locale is UTF-8, no CJK fonts are installed, and someone
does XCreateFontSet() with a font name of "*", we end up asking the server
to list the (non-existent) fonts 11 times for each CJK encoding, which can
take a while.
A * wildcard can match multiple components in a XLFD name in XListFonts(),
so there's no need to try adding more than one to get a match.
We do try once with a leading '*-' in case the fontname isn't a full
well-formed XLFD name, maybe even that isn't needed?
(See also http://invisible-island.net/xterm/xterm.faq.html#slow_menus)
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
While at it, remove unneeded check for NULL before Xfree.
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
- In set_fontset_extents, check font_data is not NULL before running
loop that may increment it to a non-NULL invalid pointer.
- Make sure get_rotate_fontname counts the final field
Fixes OpenSolaris bug 6913809: X application dumps core in ja_JP.UTF-8 locale
<http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6913809>
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
- For Xcomposite and Xdamage, don't link the build system out of the xc tree
- Link the public X11 headers into their own directory
- Add links to XKeysymDB and XErrorDB
- Add links to all the Xlib man pages
- Add links to the lcUniConv subdirectory
- Conditionally include config.h in Xlib source
Set font_data->xlfd_data to NULL after XFree(). (#837, patch from Bastien Nocera).
Tue Jul 20 18:23:32 2004 Soeren Sandmann <sandmann@daimi.au.dk>
Use /dev/urandom on Linux.(#761).
