Projects
openEuler:22.03:LTS:LoongArch
libXpm
_service:tar_scm_kernel_repo:backport-CVE-2023-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-CVE-2023-43789.patch of Package libXpm
From 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Sat, 29 Apr 2023 18:30:34 -0700 Subject: [PATCH] Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap Found with clang's libfuzzer Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- src/data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/data.c b/src/data.c index 0b0f1f3..6e87455 100644 --- a/src/data.c +++ b/src/data.c @@ -259,13 +259,13 @@ xpmNextWord( int c; if (!data->type || data->type == XPMBUFFER) { - while (isspace(c = *data->cptr) && c != data->Eos) + while ((c = *data->cptr) && isspace(c) && (c != data->Eos)) data->cptr++; do { c = *data->cptr++; *buf++ = c; n++; - } while (!isspace(c) && c != data->Eos && n < buflen); + } while (c && !isspace(c) && (c != data->Eos) && (n < buflen)); n--; data->cptr--; } else { -- GitLab
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.