commit: dcbcdda29e9ec2ff17bd5dab69f10e92af0fe72b Author: Ulrich Müller <ulm <AT> gentoo <DOT> org> AuthorDate: Sat Oct 9 14:03:24 2010 +0000 Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org> CommitDate: Sat Oct 9 14:03:24 2010 +0000 URL: https://gitweb.gentoo.org/dev/ulm.git/commit/?id=dcbcdda2
Fix buffer overflow in libmrm, bug 340249. patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch b/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch new file mode 100644 index 0000000..d4080df --- /dev/null +++ b/patchsets/motif/2.2.3/16_all_mrm_buffer_overflow.patch @@ -0,0 +1,17 @@ +http://bugs.gentoo.org/340249 +Patch backported from openmotif-2.3.3 + +--- openMotif-2.2.3-orig/lib/Mrm/MrmIheader.c ++++ openMotif-2.2.3/lib/Mrm/MrmIheader.c +@@ -228,9 +228,10 @@ + + { + /* sscanf() may call ungetc(), which would write the XmConst string. */ +- char buf[XtNumber(idb__database_version) + 1]; ++ char *buf = XtMalloc(strlen(idb__database_version) + 1); + strcpy(buf, idb__database_version); + sscanf(buf, "URM %d.%d", &db_major, &db_minor); ++ XtFree(buf); + } + + if ((file_major > db_major) ||
