Fix an integer overflow in init_om()

CVE-2020-14363 This can lead to a double free later, as reported by Jayden Rivers. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>

Fix an integer overflow in init_om()
CVE-2020-14363 This can lead to a double free later, as reported by Jayden Rivers. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
acdaaadc · Matthieu Herrb · d15c24c8 · acdaaadc
Commit acdaaadc authored Aug 13, 2020 by Matthieu Herrb
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

modules/om/generic/omGeneric.c modules/om/generic/omGeneric.c +2 -1

No files found.
--- a/modules/om/generic/omGeneric.c
+++ b/modules/om/generic/omGeneric.c
@@ -1908,7 +1908,8 @@ init_om(
    char **required_list;
    XOrientation *orientation;
    char **value, buf[BUFSIZ], *bufptr;
-    int count = 0, num = 0, length = 0;
+    int count = 0, num = 0;
+    unsigned int length = 0;

    _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
    if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)