Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap

Found with clang's libfuzzer Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
author: Alan Coopersmith <alan.coopersmith@oracle.com> 2023-04-29 18:30:34 -0700
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2023-09-22 14:11:24 -0700
commit: 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 (patch)
tree: 9b48853440d425c2bbc56c346146d009afa05973
parent: a21e7bcf0ca3d8c1605b2721a545440260870438 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/data.c b/src/data.c
index 0b0f1f3..6e87455 100644
--- a/src/data.c
+++ b/src/data.c
@@ -259,13 +259,13 @@ xpmNextWord(
     int c;
 
     if (!data->type || data->type == XPMBUFFER) {
-	while (isspace(c = *data->cptr) && c != data->Eos)
+	while ((c = *data->cptr) && isspace(c) && (c != data->Eos))
 	    data->cptr++;
 	do {
 	    c = *data->cptr++;
 	    *buf++ = c;
 	    n++;
-	} while (!isspace(c) && c != data->Eos && n < buflen);
+	} while (c && !isspace(c) && (c != data->Eos) && (n < buflen));
 	n--;
 	data->cptr--;
     } else {
author	Alan Coopersmith <alan.coopersmith@oracle.com>	2023-04-29 18:30:34 -0700
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2023-09-22 14:11:24 -0700
commit	7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 (patch)
tree	9b48853440d425c2bbc56c346146d009afa05973
parent	a21e7bcf0ca3d8c1605b2721a545440260870438 (diff)