xorg-libx11/modules
José Expósito 97fb5bda3d Fix buffer overrun in parse_omit_name
When `num_fields == 12`, if the last character of the pattern is '-',
the `buf` array is overrun.

This error has been found by a static analysis tool. This is the report:

    Error: OVERRUN (CWE-119):
    libX11-1.8.7/modules/om/generic/omGeneric.c:691: cond_at_most:
      Checking "length > 255" implies that "length" may be up to 255 on
      the false branch.
    libX11-1.8.7/modules/om/generic/omGeneric.c:695: alias:
      Assigning: "last" = "buf + length - 1". "last" may now point to as
      high as byte 254 of "buf" (which consists of 256 bytes).
    libX11-1.8.7/modules/om/generic/omGeneric.c:718: ptr_incr:
      Incrementing "last". "last" may now point to as high as byte 255
      of "buf" (which consists of 256 bytes).
    libX11-1.8.7/modules/om/generic/omGeneric.c:720: ptr_incr:
      Incrementing "last". "last" may now point to as high as byte 256
      of "buf" (which consists of 256 bytes).
    libX11-1.8.7/modules/om/generic/omGeneric.c:720: overrun-local:
      Overrunning array of 256 bytes at byte offset 256 by
      dereferencing pointer "++last".
    #  718|               *++last = '*';
    #  719|
    #  720|->         *++last = '-';
    #  721|           break;
    #  722|       case 13:

Signed-off-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/250>
2024-05-07 08:54:50 +00:00
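
The bound in the report above, worked through as an added example: this is a simplified model written for this page, not libX11's code and not the change made in the commit. The function names, the constructed worst-case pattern and the NUL terminator reserved by the checked variant are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256 /* size of "buf" in the report */
#define MAX_LEN  255 /* largest length that passes the "length > 255" check */

/* The 12-field case appends '*' only when the pattern ends in '-', then '-'. */
static size_t bytes_appended(const char *pattern, size_t length)
{
    return (length > 0 && pattern[length - 1] == '-') ? 2 : 1;
}

/* Offset into buf of the last byte the unchecked "*++last = ..." writes touch. */
size_t highest_offset_written(const char *pattern)
{
    size_t length = strlen(pattern);
    return length + bytes_appended(pattern, length) - 1;
}

/* Checked variant (assumption, not the upstream fix): refuse any pattern whose
 * appended bytes plus a NUL terminator would not fit in BUF_SIZE bytes. */
int append_field_checked(const char *pattern, char out[BUF_SIZE])
{
    size_t length = strlen(pattern);
    if (length == 0 || length > MAX_LEN)
        return -1;
    if (length + bytes_appended(pattern, length) + 1 > BUF_SIZE)
        return -1;
    memcpy(out, pattern, length);
    char *last = out + length - 1;
    if (*last == '-')
        *++last = '*';
    *++last = '-';
    *++last = '\0';
    return 0;
}

int main(void)
{
    char pattern[MAX_LEN + 1], out[BUF_SIZE]; /* constructed worst-case input */
    memset(pattern, 'a', MAX_LEN);
    pattern[MAX_LEN - 1] = '-';
    pattern[MAX_LEN] = '\0';
    printf("highest offset: %zu of %d-byte buf\n", highest_offset_written(pattern), BUF_SIZE);
    printf("checked append: %d\n", append_field_checked(pattern, out));
    return 0;
}
```

A 255-byte pattern that does not end in '-' has its single appended byte land at offset 255, the last valid byte of `buf`; only the trailing-'-' case needs the second write that reaches offset 256.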
..
im Fix memory leak in _XimProtoSetIMValues 2024-05-07 08:54:50 +00:00
lc unifdef Lynx 2024-02-20 17:05:50 -08:00
om Fix buffer overrun in parse_omit_name 2024-05-07 08:54:50 +00:00
Makefile.am Add missing Makefile.am to lib/X11/modules 2005-07-15 04:27:32 +00:00