Bug 98878

Summary:

Gracefully handle EOF while parsing files.

Product:

xorg

Reporter:

Tobias Stoeckmann <tobias>

Component:

Lib/Xpm

Assignee:

Xorg Project Team <xorg-team>

Status:

RESOLVED FIXED

QA Contact:

Xorg Project Team <xorg-team>

Severity:

normal

Priority:

medium

Keywords:

patch

Version:

git

Hardware:

Other

OS:

All

Whiteboard:

i915 platform:

i915 features:

Attachments:

Description	Flags
My proposed patch	none

Description Tobias Stoeckmann 2016-11-27 18:08:11 UTC

Created attachment 128227 [details] [review]
My proposed patch

libXpm does not properly handle EOF conditions when xpmGetC is called
multiple times in a row to construct a string. Instead of checking
its return value for EOF, the result is automatically casted into a
char and attached to a string.

By carefully crafting the color table in an XPM file, it is possible to
send a libXpm program like gimp into a very long lasting loop and
massive memory allocations.

Otherwise no memory issues arise, therefore this is just a purely
functional patch to dismiss invalid input.

Comment 1 Matthieu Herrb 2016-12-15 17:43:44 UTC

Committed. https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=1ec33006a9e4214b390045b820464e24297dc6c0

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.