author Alan Coopersmith <alan.coopersmith@oracle.com> 2023-04-29 17:50:39 -0700
committer Alan Coopersmith <alan.coopersmith@oracle.com> 2023-09-22 14:06:32 -0700
commit 2fa554b01ef6079a9b35df9332bdc4f139ed67e0
tree 688f59ad682663968cd481ac13c8b87fc921bda2
parent 7f60f3428aa21d5d643eb75bfd9417cfabf48970
Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer

When the test case for CVE-2022-46285 was run with the Address Sanitizer enabled, it found an out-of-bounds read in ParseComment() when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

-rw-r--r-- src/data.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/data.c b/src/data.c
index 7524e65..0b0f1f3 100644
--- a/src/data.c
+++ b/src/data.c
@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
n++;
s2++;
} while (c == *s2 && *s2 != '\0' && c);
- if (*s2 == '\0') {
+ if (*s2 == '\0' || c == '\0') {
/* this is the end of the comment */
notend = 0;
data->cptr--;
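
Review bot: in the changed condition "if (*s2 == '\0' || c == '\0')", a NUL read from the input (c == '\0') now takes the same branch as a complete match of the closing marker, yet the comment directly below still reads only "this is the end of the comment". Please extend that comment to say the branch also covers input that ends before the closing marker is found, so a later reader does not remove the c == '\0' test as redundant with the "&& c" already in the loop condition. It would also help to state whether an unterminated comment is meant to be accepted silely here or reported to the caller, since both cases now set notend = 0 and step data->cptr back in the same way. The diffstat shows only src/data.c changing; a regression test that parses an unterminated comment from a memory buffer under Address Sanitizer would guard this fix.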