From af55da1e9c1a6a352b24823a8f7062c288ffbbc0 Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Sun, 8 Feb 2015 19:15:20 -0500
Subject: [PATCH 01/40] LZW decompress: fix for CVE-2011-2895 From
xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited
---
nx-X11/lib/font/fontfile/decompress.c | 2 ++
1 file changed, 2 insertions(+)
--- a/nx-X11/lib/font/fontfile/decompress.c
+++ b/nx-X11/lib/font/fontfile/decompress.c
@@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
*/
while ( code >= 256 )
{
+ if (stackp - de_stack >= STACK_SIZE - 1)
+ return BUFFILEEOF;
*stackp++ = file->tab_suffix[code];
code = file->tab_prefix[code];
}-
Mihai Moldovan authored
Removes some fuzziness and adds the -p diff option to show the C function name in hunk headers.
6ae091cc