summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2023-01-03 17:23:58 -0800
committerAlan Coopersmith <alan.coopersmith@oracle.com>2023-01-12 15:47:43 -0800
commitf7fbbb92f6d383b21dd1587c3703a5de37c625b5 (patch)
tree9fd6b854395cfb082b24a4e0145c317b3bcad6a2
parenta3a7c6dcc3b629d765014816c566c63165c63ca8 (diff)
test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--test/Makefile.am2
-rw-r--r--test/pixmaps/README.md3
-rw-r--r--test/pixmaps/invalid/zero-width-v1.xpm37
-rw-r--r--test/pixmaps/invalid/zero-width.xpm35
4 files changed, 77 insertions, 0 deletions
diff --git a/test/Makefile.am b/test/Makefile.am
index 175eccb..32a4b43 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -93,5 +93,7 @@ EXTRA_DIST = \
pixmaps/invalid/invalid-type.xpm \
pixmaps/invalid/no-contents.xpm \
pixmaps/invalid/unending-comment-c.xpm \
+ pixmaps/invalid/zero-width.xpm \
+ pixmaps/invalid/zero-width-v1.xpm \
pixmaps/no-mem/oversize.xpm \
tap-test
diff --git a/test/pixmaps/README.md b/test/pixmaps/README.md
index f361f77..f51af00 100644
--- a/test/pixmaps/README.md
+++ b/test/pixmaps/README.md
@@ -55,6 +55,9 @@ return XpmFileInvalid when parsed.
- unending-comment-c.xpm - This file has a C comment block without the
closing "*/" to test for CVE-2022-46285
+- zero-width.xpm & zero-width-v1.xpm - These files declare a width of 0
+ and a height of nearly UINT_MAX, to test for CVE-2022-44617
+
no-mem
------
diff --git a/test/pixmaps/invalid/zero-width-v1.xpm b/test/pixmaps/invalid/zero-width-v1.xpm
new file mode 100644
index 0000000..9b403ca
--- /dev/null
+++ b/test/pixmaps/invalid/zero-width-v1.xpm
@@ -0,0 +1,37 @@
+#define PLAID_format 1
+#define PLAID_width 0
+#define PLAID_height 4294967293
+#define PLAID_ncolors 4
+#define PLAID_chars_per_pixel 2
+
+static char *PLAID_colors[] = {
+" ", "red",
+"Y ", "green",
+"+ ", "yellow",
+"x ", "black"
+};
+
+static char *PLAID_pixels[] = {
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+"Y Y Y Y Y x Y Y Y Y Y + x + x + x + x + x + ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x ",
+"x x x x x x x x x x x x x x x x x x x x x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x "
+};
diff --git a/test/pixmaps/invalid/zero-width.xpm b/test/pixmaps/invalid/zero-width.xpm
new file mode 100644
index 0000000..78f367b
--- /dev/null
+++ b/test/pixmaps/invalid/zero-width.xpm
@@ -0,0 +1,35 @@
+/* XPM */
+static char * plaid[] = {
+/* plaid pixmap
+ * width height ncolors chars_per_pixel */
+"0 4294967293 4 2 ", /*cxpm hang*/
+/*"41474 31474 4 2 ",*/ /*ego ctrl all memory*/
+/* colors */
+" c red m white s light_color ",
+"Y c green m black s lines_in_mix ",
+"+ c yellow m white s lines_in_dark ",
+"x m black s dark_color ",
+/* pixels */
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+"Y Y Y Y Y x Y Y Y Y Y + x + x + x + x + x + ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x x x x x x x x x x x x x ",
+"x x x x x x x x x x x x + x x x x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x ",
+"x x x x x x x x x x x x x x x x x x x x x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x ",
+" x x x Y x x ",
+" x x x x Y x x x "
+} ;