From edb97396620f019f8d2e707ad3fbaf6bbbd5ed36 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Tue, 5 Sep 2023 17:01:58 -0700 Subject: test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage) Provided by Yair Mizrahi of the JFrog Vulnerability Research team Signed-off-by: Alan Coopersmith --- test/pixmaps/README.md | 13 ++ test/pixmaps/other/overflow-stackexhaustion.xpm | 277 ++++++++++++++++++++++++ 2 files changed, 290 insertions(+) create mode 100644 test/pixmaps/other/overflow-stackexhaustion.xpm diff --git a/test/pixmaps/README.md b/test/pixmaps/README.md index 4f2cbae..8f20a8b 100644 --- a/test/pixmaps/README.md +++ b/test/pixmaps/README.md @@ -69,3 +69,16 @@ return XpmNoMemory when parsed. - oversize.xpm - This file specifies more pixels than can be mapped in a 64-bit address space that already has programs & libraries mapped in. + +other +----- + +Those under the `other` subdirectory don't fit cleanly in any of the above +categories, and may be valid for some uses but not others, and thus can't be +easily used in the current test framework, but are still interesting cases. + +- overflow-stackexhaustion.xpm - This file was provided by Yair Mizrahi of + the JFrog Vulnerability Research team as a test for CVE-2023-43786. + It is a valid XPM file, but is larger than fits into an X Pixmap, so + should pass with many functions, but fail when used with sxpm or + anything that calls through to xpmCreatePixmapFromImage(). diff --git a/test/pixmaps/other/overflow-stackexhaustion.xpm b/test/pixmaps/other/overflow-stackexhaustion.xpm new file mode 100644 index 0000000..2f7eae3 --- /dev/null +++ b/test/pixmaps/other/overflow-stackexhaustion.xpm @@ -0,0 +1,277 @@ +/* XPM */ +/* + * Copyright (c) 1993, 1995, Oracle and/or its affiliates. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ +static char * Dimple_pm[] = { +/* width height ncolors cpp [x_hot y_hot] */ +"000000090000 1 247 1 1 1", +/* colors */ +" s background m black c #ffffffffffff", +". s topShadowColor m white c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +" + s bottomShadowColor m black c #ffffffffffff", +"X s bottomShadowColor m black c #ffffffffffff", +"} s bottomShadowColor m black c #ffffffffffff", +"; s bottomShadowColor m black c #ffffffffffff", +". s bottomShadowColor m black c #ffffffffffff", +/* pixels */ +" }; -- cgit v1.2.3