Free fs->properties in XF86BigfontQueryFont overflow error path

Fixes small memory leak introduced in commit 5669a22081 Reported-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Hint: Upstream commit 5669a22081 is "integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]" Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>

Free fs->properties in XF86BigfontQueryFont overflow error path
71fb99cb · Alan Coopersmith · Ulrich Sibiller · 78ed2333 · 71fb99cb
Commit 71fb99cb authored May 16, 2013 by Alan Coopersmith Committed by Ulrich Sibiller Oct 19, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

Font.c nx-X11/lib/X11/Font.c +1 -0

No files found.
--- a/nx-X11/lib/X11/Font.c
+++ b/nx-X11/lib/X11/Font.c
@@ -508,6 +508,7 @@ _XF86BigfontQueryFont (
       any real font needs, so the combined total doesn't overflow either */
    if (reply.nUniqCharInfos > ((ULONG_MAX / 2) / SIZEOF(xCharInfo)) ||
       reply.nCharInfos > ((ULONG_MAX / 2) / sizeof(CARD16))) {
+       Xfree((char *) fs->properties);
       Xfree((char *) fs);
       _XEatDataWords(dpy, reply_left);
       return (XFontStruct *)NULL;