xorg-libx11

mirror of https://gitlab.freedesktop.org/xorg/lib/libx11.git synced 2026-02-07 17:50:30 +01:00

History

José Expósito 97fb5bda3d Fix buffer overrun in parse_omit_name When `num_fields == 12`, if the last character of the pattern is '-', the `buf` array is overrun. This error has been found by a static analysis tool. This is the report: Error: OVERRUN (CWE-119): libX11-1.8.7/modules/om/generic/omGeneric.c:691: cond_at_most: Checking "length > 255" implies that "length" may be up to 255 on the false branch. libX11-1.8.7/modules/om/generic/omGeneric.c:695: alias: Assigning: "last" = "buf + length - 1". "last" may now point to as high as byte 254 of "buf" (which consists of 256 bytes). libX11-1.8.7/modules/om/generic/omGeneric.c:718: ptr_incr: Incrementing "last". "last" may now point to as high as byte 255 of "buf" (which consists of 256 bytes). libX11-1.8.7/modules/om/generic/omGeneric.c:720: ptr_incr: Incrementing "last". "last" may now point to as high as byte 256 of "buf" (which consists of 256 bytes). libX11-1.8.7/modules/om/generic/omGeneric.c:720: overrun-local: Overrunning array of 256 bytes at byte offset 256 by dereferencing pointer "++last". # 718\| ++last = ''; # 719\| # 720\|-> *++last = '-'; # 721\| break; # 722\| case 13: Signed-off-by: José Expósito <jexposit@redhat.com> Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/250>		2024-05-07 08:54:50 +00:00
..
Makefile.am	Remove support for building without XCB	2010-06-03 22:19:14 -07:00
omDefault.c	Purge CVS/RCS id tags	2010-01-14 17:38:26 -08:00
omGeneric.c	Fix buffer overrun in parse_omit_name	2024-05-07 08:54:50 +00:00
omImText.c	Delete #if 0 hunks of code	2015-12-18 23:50:26 -08:00
omText.c	Purge CVS/RCS id tags	2010-01-14 17:38:26 -08:00
omTextEsc.c	Avoid NULL pointer deref. Fixes issue #47 .	2021-12-03 02:56:43 +00:00
omTextExt.c	Purge CVS/RCS id tags	2010-01-14 17:38:26 -08:00
omTextPer.c	Purge CVS/RCS id tags	2010-01-14 17:38:26 -08:00
omXChar.c	unifdef MUSTCOPY	2013-03-03 18:20:10 -08:00