diff options
| author | Matthieu Herrb <matthieu@herrb.eu> | 2020-08-13 18:02:58 +0200 |
|---|---|---|
| committer | Matthieu Herrb <matthieu@herrb.eu> | 2020-08-19 12:46:57 +0200 |
| commit | acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (patch) | |
| tree | 183e3e909b769d4d7ac0581b05f88f5e5f7cc8cc /modules | |
| parent | d15c24c8b44be5e4054c8ecd0ff9dcf2c8e18e5b (diff) | |
Fix an integer overflow in init_om()
CVE-2020-14363
This can lead to a double free later, as reported by Jayden Rivers.
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/om/generic/omGeneric.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c index c44acb88..406cec93 100644 --- a/modules/om/generic/omGeneric.c +++ b/modules/om/generic/omGeneric.c @@ -1908,7 +1908,8 @@ init_om( char **required_list; XOrientation *orientation; char **value, buf[BUFSIZ], *bufptr; - int count = 0, num = 0, length = 0; + int count = 0, num = 0; + unsigned int length = 0; _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count); if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0) |