test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)

Provided by Yair Mizrahi of the JFrog Vulnerability Research team Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
author: Alan Coopersmith <alan.coopersmith@oracle.com> 2023-09-05 17:01:58 -0700
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2023-09-22 14:12:28 -0700
commit: edb97396620f019f8d2e707ad3fbaf6bbbd5ed36 (patch)
tree: 83f551de49ea3b5595a39a0213cc501acc9e11ef /test/pixmaps/README.md
parent: 7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/test/pixmaps/README.md b/test/pixmaps/README.md
index 4f2cbae..8f20a8b 100644
--- a/test/pixmaps/README.md
+++ b/test/pixmaps/README.md
@@ -69,3 +69,16 @@ return XpmNoMemory when parsed.
 
 - oversize.xpm - This file specifies more pixels than can be mapped in
   a 64-bit address space that already has programs & libraries mapped in.
+
+other
+-----
+
+Those under the `other` subdirectory don't fit cleanly in any of the above
+categories, and may be valid for some uses but not others, and thus can't be
+easily used in the current test framework, but are still interesting cases.
+
+- overflow-stackexhaustion.xpm - This file was provided by Yair Mizrahi of
+  the JFrog Vulnerability Research team as a test for CVE-2023-43786.
+  It is a valid XPM file, but is larger than fits into an X Pixmap, so
+  should pass with many functions, but fail when used with sxpm or
+  anything that calls through to xpmCreatePixmapFromImage().
author	Alan Coopersmith <alan.coopersmith@oracle.com>	2023-09-05 17:01:58 -0700
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2023-09-22 14:12:28 -0700
commit	edb97396620f019f8d2e707ad3fbaf6bbbd5ed36 (patch)
tree	83f551de49ea3b5595a39a0213cc501acc9e11ef /test/pixmaps/README.md
parent	7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 (diff)