From f7fbbb92f6d383b21dd1587c3703a5de37c625b5 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Tue, 3 Jan 2023 17:23:58 -0800 Subject: test: add test cases for CVE-2022-44617 (zero-width w/enormous height) Signed-off-by: Alan Coopersmith --- test/Makefile.am | 2 ++ test/pixmaps/README.md | 3 +++ test/pixmaps/invalid/zero-width-v1.xpm | 37 ++++++++++++++++++++++++++++++++++ test/pixmaps/invalid/zero-width.xpm | 35 ++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) create mode 100644 test/pixmaps/invalid/zero-width-v1.xpm create mode 100644 test/pixmaps/invalid/zero-width.xpm diff --git a/test/Makefile.am b/test/Makefile.am index 175eccb..32a4b43 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -93,5 +93,7 @@ EXTRA_DIST = \ pixmaps/invalid/invalid-type.xpm \ pixmaps/invalid/no-contents.xpm \ pixmaps/invalid/unending-comment-c.xpm \ + pixmaps/invalid/zero-width.xpm \ + pixmaps/invalid/zero-width-v1.xpm \ pixmaps/no-mem/oversize.xpm \ tap-test diff --git a/test/pixmaps/README.md b/test/pixmaps/README.md index f361f77..f51af00 100644 --- a/test/pixmaps/README.md +++ b/test/pixmaps/README.md @@ -55,6 +55,9 @@ return XpmFileInvalid when parsed. - unending-comment-c.xpm - This file has a C comment block without the closing "*/" to test for CVE-2022-46285 +- zero-width.xpm & zero-width-v1.xpm - These files declare a width of 0 + and a height of nearly UINT_MAX, to test for CVE-2022-44617 + no-mem ------ diff --git a/test/pixmaps/invalid/zero-width-v1.xpm b/test/pixmaps/invalid/zero-width-v1.xpm new file mode 100644 index 0000000..9b403ca --- /dev/null +++ b/test/pixmaps/invalid/zero-width-v1.xpm @@ -0,0 +1,37 @@ +#define PLAID_format 1 +#define PLAID_width 0 +#define PLAID_height 4294967293 +#define PLAID_ncolors 4 +#define PLAID_chars_per_pixel 2 + +static char *PLAID_colors[] = { +" ", "red", +"Y ", "green", +"+ ", "yellow", +"x ", "black" +}; + +static char *PLAID_pixels[] = { +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +"Y Y Y Y Y x Y Y Y Y Y + x + x + x + x + x + ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x ", +"x x x x x x x x x x x x x x x x x x x x x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x " +}; diff --git a/test/pixmaps/invalid/zero-width.xpm b/test/pixmaps/invalid/zero-width.xpm new file mode 100644 index 0000000..78f367b --- /dev/null +++ b/test/pixmaps/invalid/zero-width.xpm @@ -0,0 +1,35 @@ +/* XPM */ +static char * plaid[] = { +/* plaid pixmap + * width height ncolors chars_per_pixel */ +"0 4294967293 4 2 ", /*cxpm hang*/ +/*"41474 31474 4 2 ",*/ /*ego ctrl all memory*/ +/* colors */ +" c red m white s light_color ", +"Y c green m black s lines_in_mix ", +"+ c yellow m white s lines_in_dark ", +"x m black s dark_color ", +/* pixels */ +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +"Y Y Y Y Y x Y Y Y Y Y + x + x + x + x + x + ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x x x x x x x x x x x x x ", +"x x x x x x x x x x x x + x x x x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x ", +"x x x x x x x x x x x x x x x x x x x x x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x ", +" x x x Y x x ", +" x x x x Y x x x " +} ; -- cgit v1.2.3