xcursor: fix CVE-2013-2003

The libXcursor fix for CVE-2013-2003 has never been imported into
wlroots, leaving it vulnerable to it.

Changing the argument type to an unsigned type is an effective merge of
Ilja Van Sprundel's commit in libXcursor.

Proof of Concept (compile with address sanitizer):

$ mkdir -p ~/.local/share/icons/poc/cursors
$ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \
    ~/.local/share/icons/poc/cursors/poc
$ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config
$ sway -c ~/poc-config
This commit is contained in:
Tobias Stoeckmann 2021-05-02 16:48:21 +02:00 committed by Simon Ser
parent 66d5805594
commit d0c1f0c0b6


@ -301,7 +301,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
} }
static XcursorFileHeader * static XcursorFileHeader *
_XcursorFileHeaderCreate (int ntoc) _XcursorFileHeaderCreate (XcursorUInt ntoc)
{ {
XcursorFileHeader *fileHeader; XcursorFileHeader *fileHeader;
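
Review bot: The signature change at `_XcursorFileHeaderCreate (XcursorUInt ntoc)` only stops a negative count from reaching the function; the hunk ends at `XcursorFileHeader *fileHeader;`, so nothing visible here shows an upper bound on `ntoc` before it is used to size the allocation. The PoC file in the commit message carries an all-ones `ntoc` field, which is now a very large unsigned value rather than -1, so please confirm the body rejects oversized counts before any size arithmetic, and that every caller passes an `XcursorUInt` rather than converting from `int` implicitly. A one-line comment on the parameter saying that the value comes straight from the untrusted file header would also help future readers.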