path: root/src/Font.c
AgeCommit message (Collapse)AuthorFilesLines
2021-05-31Protect against overly long stringsTobias Stoeckmann1-4/+4
Checking against upper limit of USHRT_MAX must happen before truncating size_t to int. On 64 bit systems with strings larger than 2 GB this could otherwise lead to negative ints or ints smaller than USHRT_MAX. In XParseColor this could lead to out of boundary access with strings starting with a # (color sequence). A modulo 12 operation is performed to validate the string length, but with an overflown length, the for loop would eventually read behind terminating '\0' character. Signed-off-by: Tobias Stoeckmann <>
2021-05-30Check for NULL strings before getting their lengthsMatthieu Herrb1-1/+1
Problem reported by Karsten Trulsen Signed-off-by: Matthieu Herrb <>
2021-05-18Reject string longer than USHRT_MAX before sending them on the wireMatthieu Herrb1-1/+3
The X protocol uses CARD16 values to represent the length so this would overflow. CVE-2021-31535 Signed-off-by: Matthieu Herrb <>
2020-04-21reduce gcc-normal warnings using casts (no object change)Thomas E. Dickey1-3/+3
Signed-off-by: Thomas E. Dickey <>
2018-12-08Convert main src directory to use reallocarray()Alan Coopersmith1-7/+9
2015-09-21fix for Xlib 32-bit request number issuesChristian Linhart1-1/+1
Make use of the new 64-bit sequence number API in XCB 1.11.1 to avoid the 32-bit sequence number wrap in libX11. Bugzilla: Signed-off-by: Christian Linhart <> Signed-off-by: Olivier Fourdan <> Reviewed-by: Adam Jackson <>
2014-06-06Remove redundant null checks before freewalter harms1-11/+11
This patch removes some redundant null checks before free. It should not change the code otherwise. Be aware that this is only the first series. Signed-off-by: Harms <wharms@bfs,de> Reviewed-by: Alan Coopersmith <> Signed-off-by: Alan Coopersmith <>
2013-08-20Remove unnecessary casts of pointers to (char *) in calls to Xfree()Alan Coopersmith1-33/+33
Left one cast behind that is necessary to change from const char * to char * in src/xlibi18n/lcCharSet.c. Signed-off-by: Alan Coopersmith <>
2013-07-21Fix out-of-range comparison in _XF86BigfontQueryFontThomas Klausner1-1/+1
clang complained (correctly): warning: comparison of constant 768614336404564650 with expression of type 'CARD32' (aka 'unsigned int') is always true [-Wtautological-constant-out-of-range-compare] [While LONG_MAX is correct, since it's used in size_t math, the numbers have to be limited to 32-bit range to be usable by 32-bit clients, and values beyond that range are far more likely to be bugs in the data from the server than valid numbers of characters in a font. -alan- ] Reviewed-by: Alan Coopersmith <> Signed-off-by: Alan Coopersmith <>
2013-05-16Free fs->properties in _XF86BigfontQueryFont overflow error pathAlan Coopersmith1-0/+1
Fixes small memory leak introduced in commit 5669a22081 Reported-by: Julien Cristau <> Signed-off-by: Alan Coopersmith <>
2013-05-09Remove more unnecessary casts from Xmalloc/calloc callsAlan Coopersmith1-6/+6
Signed-off-by: Alan Coopersmith <>
2013-05-09integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]Alan Coopersmith1-17/+25
Similar to _XQueryFont, but with more ways to go wrong and overflow. Only compiled if libX11 is built with XF86BigFont support. v2: Fix reply_left calculations, check calculated sizes fit in reply_left Reported-by: Ilja Van Sprundel <> Signed-off-by: Alan Coopersmith <>
2013-05-09integer overflow in _XQueryFont() on 32-bit platforms [CVE-2013-1981 1/13]Alan Coopersmith1-12/+23
If the CARD32 reply.nCharInfos * sizeof(XCharStruct) overflows an unsigned long, then too small of a buffer will be allocated for the data copied in from the reply. v2: Fix reply_left calculations, check calculated sizes fit in reply_left Reported-by: Ilja Van Sprundel <> Signed-off-by: Alan Coopersmith <>
2013-03-03unifdef MUSTCOPYAlan Coopersmith1-43/+1
MUSTCOPY seems to have only been defined in <X11/Xmd.h> when building for CRAY, to handle missing some sizes of integer type. (mostly performed with unifdef, followed by some manual cleanup of spacing/indenting in the remaining code) Signed-off-by: Alan Coopersmith <> Reviewed-by: Peter Hutterer <>
2011-01-18Update to xf86bigfontproto >= 1.2.0 header nameAlan Coopersmith1-1/+1
Clears compile-time warning of: "X11/extensions/xf86bigfstr.h", line 1: #warning: "xf86bigfstr.h is obsolete and may be removed in the future." "X11/extensions/xf86bigfstr.h", line 2: #warning: "include <X11/extensions/xf86bigfproto.h> for the protocol defines." Requires xf86bigfontproto >= 1.2.0 if --disable-xf86bigfont is not passed to configure. Also removes unnecessary AC_SUBST of BIGFONT_CFLAGS & BIGFONT_LIBS that PKG_CHECK_MODULES does automatically Signed-off-by: Alan Coopersmith <> Reviewed-by: Julien Cristau <>
2010-07-07Purge macros NEED_EVENTS and NEED_REPLIESFernando Carrijo1-1/+0
Signed-off-by: Fernando Carrijo <> Acked-by: Tiago Vignatti <> Reviewed-by: Alan Coopersmith <>
2010-01-14Purge CVS/RCS id tagsAlan Coopersmith1-2/+0
Signed-off-by: Alan Coopersmith <>
2008-06-17Strip whitespace from end of lines in source filesAlan Coopersmith1-5/+5
2007-05-01Switched function definitions from K&R to ANSI style.Magnus Kessler1-6/+6
2007-04-06Bug #10475: Fixed lots of char*/const char* mixups.Tilman Sauerbeck1-1/+1
I didn't fix all of them, as that would require touching public headers.
2006-07-24ANSIfy some static function definitionsAlan Coopersmith1-11/+10
2006-07-24Fix sparse warning: Using plain integer as NULL pointerAlan Coopersmith1-2/+2
2005-05-13- For now put xtrans in X11/Xtrans/X11, since libX11 is looking for it in ↵XORG-6_8_99_7Søren Sandmann Pedersen1-0/+3
<X11/...> - For Xcomposite and Xdamage, don't link the build system out of the xc tree - Link the public X11 headers into their own directory - Add links to XKeysymDB and XErrorDB - Add links to all the Xlib man pages - Add links to the lcUniConv subdirectory - Conditionally include config.h in Xlib source
2004-04-23Merging XORG-CURRENT into trunkEgbert Eich1-27/+517
2003-11-14R6.6 is the Xorg base-lineXORG-MAINKaleb Keithley1-0/+241