diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2023-04-29 18:30:34 -0700 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2023-09-22 14:11:24 -0700 |
| commit | 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 (patch) | |
| tree | 9b48853440d425c2bbc56c346146d009afa05973 | |
| parent | a21e7bcf0ca3d8c1605b2721a545440260870438 (diff) | |
Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
Found with clang's libfuzzer
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| -rw-r--r-- | src/data.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -259,13 +259,13 @@ xpmNextWord( int c; if (!data->type || data->type == XPMBUFFER) { - while (isspace(c = *data->cptr) && c != data->Eos) + while ((c = *data->cptr) && isspace(c) && (c != data->Eos)) data->cptr++; do { c = *data->cptr++; *buf++ = c; n++; - } while (!isspace(c) && c != data->Eos && n < buflen); + } while (c && !isspace(c) && (c != data->Eos) && (n < buflen)); n--; data->cptr--; } else { |