Bug 98878 - Gracefully handle EOF while parsing files.
Summary: Gracefully handle EOF while parsing files.
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xpm (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Keywords: patch
Depends on:
Reported: 2016-11-27 18:08 UTC by Tobias Stoeckmann
Modified: 2016-12-15 17:43 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

My proposed patch (2.83 KB, patch)
2016-11-27 18:08 UTC, Tobias Stoeckmann
no flags Details | Splinter Review

Description Tobias Stoeckmann 2016-11-27 18:08:11 UTC
Created attachment 128227 [details] [review]
My proposed patch

libXpm does not properly handle EOF conditions when xpmGetC is called
multiple times in a row to construct a string. Instead of checking
its return value for EOF, the result is automatically casted into a
char and attached to a string.

By carefully crafting the color table in an XPM file, it is possible to
send a libXpm program like gimp into a very long lasting loop and
massive memory allocations.

Otherwise no memory issues arise, therefore this is just a purely
functional patch to dismiss invalid input.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.