On 15.02.2015 09:15 PM, Michael DePaulo wrote: > On Sun, Feb 15, 2015 at 3:01 PM, Michael DePaulo <[email protected]> wrote: >> On Sun, Feb 15, 2015 at 2:11 PM, Mihai Moldovan <[email protected]> wrote: >>> On 14.02.2015 05:47 PM, [email protected] wrote: >>>> [...] >>>> diff --git a/nx-X11/lib/font/fontfile/decompress.c >>>> b/nx-X11/lib/font/fontfile/decompress.c >>>> index a4c5468..553b315 100644 >>>> --- a/nx-X11/lib/font/fontfile/decompress.c >>>> +++ b/nx-X11/lib/font/fontfile/decompress.c >>>> @@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f) >>>> */ >>>> while ( code >= 256 ) >>>> { >>>> + if (stackp - de_stack >= STACK_SIZE - 1) >>>> + return BUFFILEEOF; >>> Personally, I would have written that as >>> if ((stackp - de_stack) >= (STACK_SIZE - 1)) >>> >>> But that's my personal style and I like to over-parenthesis. >> Both the upstream commit and the RHEL5 patch have it written this way, >> but I agree that your style is better. >> >> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 >> >> ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm >> (cve-2011-2895.patch)
I know. I merely pointed that out (and have taken a look at the upstream patch beforehand.)

> On a related note, upstream has this follow-up commit:
> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=bd48ad11fd11412c62c3ac8ed5d52c4f10a985aa
>
> It was not backported to RHEL5 though.

We should probably backport it, though. Looks like an improvement (fixing the issue more deeply.)
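
Review bot: The check added at the top of the `while ( code >= 256 )` loop in `BufCompressedFill` has no comment saying why the limit is `STACK_SIZE - 1` rather than `STACK_SIZE`, and it reports the overflow condition as `BUFFILEEOF`, a value whose name suggests an ordinary end of file. A one-line comment naming the slot that the `- 1` reserves, and stating that a stream which would overrun `de_stack` is deliberately treated as end of input, would let the bound be reviewed without reading the rest of the function. The visible lines guard only the stack pointer and do not show `code` being range-checked before the loop uses it, so whether `code` is validated elsewhere is worth confirming before relying on this check alone. On style, the parenthesised form `if ((stackp - de_stack) >= (STACK_SIZE - 1))` suggested in the thread is equivalent and easier to scan.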
_______________________________________________ x2go-dev mailing list [email protected] http://lists.x2go.org/listinfo/x2go-dev
