From 3102f19776ee305882082e140443bbc4c320b560 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 25 Aug 2020 15:39:59 +0000 Subject: Fix an integer overflow in init_om() that could lead to a double free. Reported by Jayden Rivers. --- lib/libX11/modules/om/generic/omGeneric.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/libX11') diff --git a/lib/libX11/modules/om/generic/omGeneric.c b/lib/libX11/modules/om/generic/omGeneric.c index 22f826ec0..bcfb9ab85 100644 --- a/lib/libX11/modules/om/generic/omGeneric.c +++ b/lib/libX11/modules/om/generic/omGeneric.c @@ -1908,7 +1908,8 @@ init_om( char **required_list; XOrientation *orientation; char **value, buf[BUFSIZ], *bufptr; - int count = 0, num = 0, length = 0; + int count = 0, num = 0; + unsigned int length = 0; _XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count); if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0) -- cgit v1.2.3