summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2023-09-05 17:01:58 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2023-09-22 14:12:28 -0700
commitedb97396620f019f8d2e707ad3fbaf6bbbd5ed36 (patch)
tree83f551de49ea3b5595a39a0213cc501acc9e11ef
parent7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 (diff)
test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
Provided by Yair Mizrahi of the JFrog Vulnerability Research team Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat
-rw-r--r--test/pixmaps/README.md13
-rw-r--r--test/pixmaps/other/overflow-stackexhaustion.xpm277
2 files changed, 290 insertions, 0 deletions
diff --git a/test/pixmaps/README.md b/test/pixmaps/README.md
index 4f2cbae..8f20a8b 100644
--- a/test/pixmaps/README.md
+++ b/test/pixmaps/README.md
@@ -69,3 +69,16 @@ return XpmNoMemory when parsed.
- oversize.xpm - This file specifies more pixels than can be mapped in
a 64-bit address space that already has programs & libraries mapped in.
+
+other
+-----
+
+Those under the `other` subdirectory don't fit cleanly in any of the above
+categories, and may be valid for some uses but not others, and thus can't be
+easily used in the current test framework, but are still interesting cases.
+
+- overflow-stackexhaustion.xpm - This file was provided by Yair Mizrahi of
+ the JFrog Vulnerability Research team as a test for CVE-2023-43786.
+ It is a valid XPM file, but is larger than fits into an X Pixmap, so
+ should pass with many functions, but fail when used with sxpm or
+ anything that calls through to xpmCreatePixmapFromImage().
diff --git a/test/pixmaps/other/overflow-stackexhaustion.xpm b/test/pixmaps/other/overflow-stackexhaustion.xpm
new file mode 100644
index 0000000..2f7eae3
--- /dev/null
+++ b/test/pixmaps/other/overflow-stackexhaustion.xpm
@@ -0,0 +1,277 @@
+/* XPM */
+/*
+ * Copyright (c) 1993, 1995, Oracle and/or its affiliates.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+static char * Dimple_pm[] = {
+/* width height ncolors cpp [x_hot y_hot] */
+"000000090000 1 247 1 1 1",
+/* colors */
+" s background m black c #ffffffffffff",
+". s topShadowColor m white c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"
+ s bottomShadowColor m black c #ffffffffffff",
+"X s bottomShadowColor m black c #ffffffffffff",
+"} s bottomShadowColor m black c #ffffffffffff",
+"; s bottomShadowColor m black c #ffffffffffff",
+". s bottomShadowColor m black c #ffffffffffff",
+/* pixels */
+" };
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-16 03:18:36 +0000