This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit a0bed4d9fce8ffc96f13ca13b95d2a7913d20719 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Feb 8 22:23:51 2015 -0500 CVE-2014-0211: integer overflow in fs_alloc_glyphs() from xorg/lib/libXfont commit a42f707f8a62973f5e8bbcd08afb10a79e9cee33 fs_alloc_glyphs() is a malloc wrapper used by the font code. It contains a classic integer overflow in the malloc() call, which can cause memory corruption. --- nx-X11/lib/font/fc/fsconvert.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nx-X11/lib/font/fc/fsconvert.c b/nx-X11/lib/font/fc/fsconvert.c index d41e0b8..afa2c32 100644 --- a/nx-X11/lib/font/fc/fsconvert.c +++ b/nx-X11/lib/font/fc/fsconvert.c @@ -762,7 +762,12 @@ fs_alloc_glyphs (FontPtr pFont, int size) FSGlyphPtr glyphs; FSFontPtr fsfont = (FSFontPtr) pFont->fontPrivate; - glyphs = xalloc (sizeof (FSGlyphRec) + size); + if (size < (INT_MAX - sizeof (FSGlyphRec))) + glyphs = xalloc (sizeof (FSGlyphRec) + size); + else + glyphs = NULL; + if (glyphs == NULL) + return NULL; glyphs->next = fsfont->glyphs; fsfont->glyphs = glyphs; return (pointer) (glyphs + 1); -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git