From e59aafdde26bae7ba753b5276bdfb4a3814df7fc Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Tue, 6 Aug 2024 02:20:50 +0000 Subject: automatic import of libXpm --- ...2-46285-Infinite-loop-on-unclosed-comment.patch | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch (limited to '0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch') diff --git a/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch b/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch new file mode 100644 index 0000000..30cf7f7 --- /dev/null +++ b/0001-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch @@ -0,0 +1,37 @@ +From c6cd85b7d0a725552a7277748504a33f0fc3e121 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Sat, 17 Dec 2022 12:23:45 -0800 +Subject: [PATCH libXpm 1/6] Fix CVE-2022-46285: Infinite loop on unclosed + comments + +When reading XPM images from a file with libXpm 3.5.14 or older, if a +comment in the file is not closed (i.e. a C-style comment starts with +"/*" and is missing the closing "*/"), the ParseComment() function will +loop forever calling getc() to try to read the rest of the comment, +failing to notice that it has returned EOF, which may cause a denial of +service to the calling program. + +Reported-by: Marco Ivaldi +Signed-off-by: Alan Coopersmith +--- + src/data.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/data.c b/src/data.c +index 898889c..bfad4ff 100644 +--- a/src/data.c ++++ b/src/data.c +@@ -174,6 +174,10 @@ ParseComment(xpmData *data) + notend = 0; + Ungetc(data, *s, file); + } ++ else if (c == EOF) { ++ /* hit end of file before the end of the comment */ ++ return XpmFileInvalid; ++ } + } + return 0; + } +-- +2.39.0 + -- cgit v1.2.3