LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit…

LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Specially crafted LZW stream can crash an application using libXfont that is used to open untrusted font files. With X server, this may allow privilege escalation when exploited

LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit…
af55da1e · Mike DePaulo · Mike Gabriel · 902dc519 · af55da1e
Commit af55da1e authored Feb 08, 2015 by Mike DePaulo Committed by Mike Gabriel Feb 14, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

decompress.c nx-X11/lib/font/fontfile/decompress.c +2 -0

No files found.
--- a/nx-X11/lib/font/fontfile/decompress.c
+++ b/nx-X11/lib/font/fontfile/decompress.c
@@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
     	 */
    	while ( code >= 256 )
    	{
+	    if (stackp - de_stack >= STACK_SIZE - 1)
+		return BUFFILEEOF;
 	    *stackp++ = file->tab_suffix[code];
 	    code = file->tab_prefix[code];
    	}