Created attachment 128223: My proposed patch

libXpm is vulnerable to an out of boundary read if an XPM file contains a color with a symbolic name but without any default color value. A caller must set XpmColorSymbols and a color with a NULL name in the supplied XpmAttributes to XpmReadFileToImage (or other functions of this type) in order to trigger this issue. I have attached a proof of concept code and XPM file. You will most likely have to compile the binary and libXpm with -fasan to actually see that something went wrong.

Created attachment 128224: XPM file

XPM file containing a symbolic color name but no default colors.

Created attachment 128225: Proof of Concept

Code that triggers an out of boundary read with the attached XPM file. Compile with "gcc -fasan -lX11 -lXpm -o poc poc.c"

Created attachment 128226: Crash report

Output of Address Sanitizer
Committed https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=c46dedeba15edf7216d62633ed6daf40cd1f5bfd
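
A simplified model of the condition described in the report, added here as an example (it is not libXpm's code, the attached PoC, or the committed patch): a color entry that has a symbolic name but no default values, looked up for a symbol whose name is NULL and is therefore matched by value. The slot layout, the struct and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: slot 1 = symbolic name, slots 2..5 = default color values. */
enum { SLOT_SYMBOLIC = 1, FIRST_DEFAULT = 2, LAST_DEFAULT = 5, NSLOTS = 6 };
struct color_symbol { const char *name; const char *value; };

/* Constructed samples: the first has a symbolic name but no default value. */
const char *const no_defaults[NSLOTS] = { "a", "background", NULL, NULL, NULL, NULL };
const char *const with_color[NSLOTS]  = { "b", "foreground", NULL, NULL, NULL, "#ff0000" };
const struct color_symbol by_value = { NULL, "#FF0000" };
const struct color_symbol by_name  = { "background", "#000000" };

static int equal_nocase(const char *a, const char *b)
{
    for (; *a && *b; ++a, ++b)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Index of the default nearest to `preferred`, or -1 if the color has none.
 * Both scans stop at the slot bounds, so no index outside 2..5 is returned. */
int nearest_default(const char *const slots[NSLOTS], int preferred)
{
    if (preferred < FIRST_DEFAULT || preferred > LAST_DEFAULT) return -1;
    for (int i = preferred; i >= FIRST_DEFAULT; --i)
        if (slots[i] != NULL) return i;
    for (int i = preferred + 1; i <= LAST_DEFAULT; ++i)
        if (slots[i] != NULL) return i;
    return -1;
}

/* A symbol with a NULL name is matched by value against a default color. */
int symbol_matches(const struct color_symbol *sym, const char *const slots[NSLOTS], int preferred)
{
    if (sym->name != NULL)
        return slots[SLOT_SYMBOLIC] != NULL && strcmp(sym->name, slots[SLOT_SYMBOLIC]) == 0;
    int idx = nearest_default(slots, preferred);
    if (idx < 0 || sym->value == NULL)
        return 0; /* nothing to compare with: no match, and no read */
    return equal_nocase(sym->value, slots[idx]);
}

int main(void)
{
    printf("%d %d\n", symbol_matches(&by_value, no_defaults, 5), symbol_matches(&by_value, with_color, 3));
    return 0;
}
```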