summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Hutterer <peter.hutterer@who-t.net>2023-01-23 19:57:28 +1000
committerAlan Coopersmith <alan.coopersmith@oracle.com>2023-01-23 23:46:34 +0000
commit77e3b389eb92b8d8f94f5b83c1d3d7cd4db5b037 (patch)
tree78dd7f7aa97c1d009755f7302593a23872ee4e49
parent71d7149cb356b96cc83e2ec95d06df4022039e2c (diff)
Fix a memleak in ParsePixels error code path
In this particular error path we have already allocated cidx[0..256] with 256 instances of fresh and juicy memory. Freeing that is annoying, but luckily there's a helpful FREE_CIDX macro that does exactly that. Fixes f80fa6a: Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height Found by covscan Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-rw-r--r--src/parse.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/parse.c b/src/parse.c
index 64f51ba..2bb3f0e 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -524,6 +524,7 @@ do \
for (y = 0; y < height; y++) {
ErrorStatus = xpmNextString(data);
if (ErrorStatus != XpmSuccess) {
+ FREE_CIDX;
XpmFree(iptr2);
return (ErrorStatus);
}