Commit d11ee588 authored by Thomas Hoger's avatar Thomas Hoger Committed by Alan Coopersmith

LZW decompress: fix for CVE-2011-2895

Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files.  With X server, this may
allow privilege escalation when exploited
Reviewed-by: default avatarMatthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: default avatarMatthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
parent 214ca6a7
......@@ -259,6 +259,8 @@ BufCompressedFill (BufFilePtr f)
*/
while ( code >= 256 )
{
if (stackp - de_stack >= STACK_SIZE - 1)
return BUFFILEEOF;
*stackp++ = file->tab_suffix[code];
code = file->tab_prefix[code];
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment