summaryrefslogtreecommitdiff
path: root/src/data.c
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2023-04-29 17:50:39 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2023-09-22 14:06:32 -0700
commit2fa554b01ef6079a9b35df9332bdc4f139ed67e0 (patch)
tree688f59ad682663968cd481ac13c8b87fc921bda2 /src/data.c
parent7f60f3428aa21d5d643eb75bfd9417cfabf48970 (diff)
Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
When the test case for CVE-2022-46285 was run with the Address Sanitizer enabled, it found an out-of-bounds read in ParseComment() when reading from a memory buffer instead of a file, as it continued to look for the closing comment marker past the end of the buffer. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'src/data.c')
-rw-r--r--src/data.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/data.c b/src/data.c
index 7524e65..0b0f1f3 100644
--- a/src/data.c
+++ b/src/data.c
@@ -108,7 +108,7 @@ ParseComment(xpmData *data)
n++;
s2++;
} while (c == *s2 && *s2 != '\0' && c);
- if (*s2 == '\0') {
+ if (*s2 == '\0' || c == '\0') {
/* this is the end of the comment */
notend = 0;
data->cptr--;