authorPeter Hutterer <peter.hutterer@who-t.net>2023-01-23 19:57:28 +1000
committerAlan Coopersmith <alan.coopersmith@oracle.com>2023-01-23 23:46:34 +0000
commit77e3b389eb92b8d8f94f5b83c1d3d7cd4db5b037 (patch)
tree78dd7f7aa97c1d009755f7302593a23872ee4e49
parent71d7149cb356b96cc83e2ec95d06df4022039e2c (diff)
Fix a memleak in ParsePixels error code path
In this particular error path we have already allocated cidx[0..256] with 256 instances of fresh and juicy memory. Freeing that is annoying, but luckily there's a helpful FREE_CIDX macro that does exactly that. Fixes f80fa6a: Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height Found by covscan Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-rw-r--r--src/parse.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/parse.c b/src/parse.c
index 64f51ba..2bb3f0e 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -524,6 +524,7 @@ do \
for (y = 0; y < height; y++) {
ErrorStatus = xpmNextString(data);
if (ErrorStatus != XpmSuccess) {
+ FREE_CIDX;
XpmFree(iptr2);
return (ErrorStatus);
}
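Review bot: The error exit inside `for (y = 0; y < height; y++)` now repeats two separate cleanups by hand, `FREE_CIDX;` and `XpmFree(iptr2);`, and the leak being fixed shows how easily one is forgotten when an early return is added. Because the failing call is xpmNextString() on the pixel data, this path is presumably reachable with a truncated or malformed XPM file, so a leak here would accumulate in any long-lived process that parses untrusted images. I would add a comment on the new line, for example `/* cidx[] rows are already allocated here; every exit from this branch must release them */`, and check the other returns in this branch for the same pair. The enclosing function and the FREE_CIDX definition lie outside the hunk, so whether the remaining exits free both cannot be confirmed from here.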