summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Müller <ulm@gentoo.org>2010-10-09 14:03:24 +0000
committerUlrich Müller <ulm@gentoo.org>2010-10-09 14:03:24 +0000
commitdcbcdda29e9ec2ff17bd5dab69f10e92af0fe72b (patch)
treebd0bb15327a5bc4b744bb784fe068dfaa40e3631 /patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch
parentFix typo. (diff)
downloadulm-dcbcdda29e9ec2ff17bd5dab69f10e92af0fe72b.tar.gz
ulm-dcbcdda29e9ec2ff17bd5dab69f10e92af0fe72b.tar.bz2
ulm-dcbcdda29e9ec2ff17bd5dab69f10e92af0fe72b.zip
Fix buffer overflow in libmrm, bug 340249.openmotif-2.2.3-patches-4
Diffstat (limited to 'patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch')
-rw-r--r--patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch b/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch
new file mode 100644
index 0000000..d4080df
--- /dev/null
+++ b/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch
@@ -0,0 +1,17 @@
+http://bugs.gentoo.org/340249
+Patch backported from openmotif-2.3.3
+
+--- openMotif-2.2.3-orig/lib/Mrm/MrmIheader.c
++++ openMotif-2.2.3/lib/Mrm/MrmIheader.c
+@@ -228,9 +228,10 @@
+
+ {
+ /* sscanf() may call ungetc(), which would write the XmConst string. */
+- char buf[XtNumber(idb__database_version) + 1];
++ char *buf = XtMalloc(strlen(idb__database_version) + 1);
+ strcpy(buf, idb__database_version);
+ sscanf(buf, "URM %d.%d", &db_major, &db_minor);
++ XtFree(buf);
+ }
+
+ if ((file_major > db_major) ||