diff options
| author | José Expósito <jexposit@redhat.com> | 2024-04-30 18:21:08 +0200 |
|---|---|---|
| committer | Marge Bot <emma+marge@anholt.net> | 2024-05-07 08:54:50 +0000 |
| commit | 97fb5bda3d0777380cd4b964f48771a82ef3f2a7 (patch) | |
| tree | 5ffaf9adb966b5f4b9582f754afef808a4ca6606 /nls/en_US.UTF-8/Compose.pre | |
| parent | f67a87dad40141f50f4da35b28a92a974bfdf7e1 (diff) | |
When `num_fields == 12`, if the last character of the pattern is '-',
the `buf` array is overrun.
This error has been found by a static analysis tool. This is the report:
Error: OVERRUN (CWE-119):
libX11-1.8.7/modules/om/generic/omGeneric.c:691: cond_at_most:
Checking "length > 255" implies that "length" may be up to 255 on
the false branch.
libX11-1.8.7/modules/om/generic/omGeneric.c:695: alias:
Assigning: "last" = "buf + length - 1". "last" may now point to as
high as byte 254 of "buf" (which consists of 256 bytes).
libX11-1.8.7/modules/om/generic/omGeneric.c:718: ptr_incr:
Incrementing "last". "last" may now point to as high as byte 255
of "buf" (which consists of 256 bytes).
libX11-1.8.7/modules/om/generic/omGeneric.c:720: ptr_incr:
Incrementing "last". "last" may now point to as high as byte 256
of "buf" (which consists of 256 bytes).
libX11-1.8.7/modules/om/generic/omGeneric.c:720: overrun-local:
Overrunning array of 256 bytes at byte offset 256 by
dereferencing pointer "++last".
# 718| *++last = '*';
# 719|
# 720|-> *++last = '-';
# 721| break;
# 722| case 13:
Signed-off-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/250>
Diffstat (limited to 'nls/en_US.UTF-8/Compose.pre')
0 files changed, 0 insertions, 0 deletions