mirror of
https://github.com/hyprwm/wlroots-hyprland.git
synced 2024-11-25 22:25:58 +01:00
Merge pull request #1358 from emersion/xcursor-heap
xcursor: Fix heap overflows when parsing malicious files
This commit is contained in:
commit
bcd19a8824
1 changed files with 9 additions and 1 deletions
|
@ -203,6 +203,11 @@ XcursorImageCreate (int width, int height)
|
|||
{
|
||||
XcursorImage *image;
|
||||
|
||||
if (width < 0 || height < 0)
|
||||
return NULL;
|
||||
if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
|
||||
return NULL;
|
||||
|
||||
image = malloc (sizeof (XcursorImage) +
|
||||
width * height * sizeof (XcursorPixel));
|
||||
if (!image)
|
||||
|
@ -483,7 +488,8 @@ _XcursorReadImage (XcursorFile *file,
|
|||
if (!_XcursorReadUInt (file, &head.delay))
|
||||
return NULL;
|
||||
/* sanity check data */
|
||||
if (head.width >= 0x10000 || head.height > 0x10000)
|
||||
if (head.width > XCURSOR_IMAGE_MAX_SIZE ||
|
||||
head.height > XCURSOR_IMAGE_MAX_SIZE)
|
||||
return NULL;
|
||||
if (head.width == 0 || head.height == 0)
|
||||
return NULL;
|
||||
|
@ -877,9 +883,11 @@ load_all_cursors_from_dir(const char *path, int size,
|
|||
return;
|
||||
|
||||
for(ent = readdir(dir); ent; ent = readdir(dir)) {
|
||||
#ifdef _DIRENT_HAVE_D_TYPE
|
||||
if (ent->d_type != DT_UNKNOWN &&
|
||||
(ent->d_type != DT_REG && ent->d_type != DT_LNK))
|
||||
continue;
|
||||
#endif
|
||||
|
||||
full = _XcursorBuildFullname(path, "", ent->d_name);
|
||||
if (!full)
|
||||
|
|
Loading…
Reference in a new issue