GNU bug report logs - #72245
[PATCH] Fix integer overflow when reading XPM


Package: emacs

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 22 Jul 2024 14:37:02 UTC

Severity: minor

Tags: patch

Fixed in version 31.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.



Message #17 received at 72245 <at> debbugs.gnu.org (full text, mbox):

From: Po Lu <luangruo <at> yahoo.com>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 72245 <at> debbugs.gnu.org
Subject: Re: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Tue, 23 Jul 2024 10:06:01 +0800

Stefan Kangas <stefankangas <at> gmail.com> writes:

> Severity: minor
>
> Since XPM files are untrusted input, I think we'd better handle integer
> overflow when parsing it, in case the file is malformed.
>
> Proposed patch attached.

What are the security implications of accepting whatever scanf produces
in the event of an overflow?
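
An added example, not part of this thread and not the patch under discussion: in C, a scanf-family conversion whose result cannot be represented in the target object has undefined behaviour, so one way to avoid depending on it is to parse each field of the XPM values line (width, height, number of colours, characters per pixel) with strtol and reject anything out of range. The function names, the MAX_DIM limit and the limit of 8 characters per pixel are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Assumed policy limits for this example, not values taken from Emacs. */
#define MAX_DIM 32767
#define MAX_CPP 8

/* Parse one positive decimal field no larger than max and advance *p past it.
   Returns false on missing digits, zero or negative values, or overflow. */
static bool parse_field(const char **p, long max, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (end == *p)            /* no digits were consumed */
        return false;
    if (errno == ERANGE)      /* value did not fit in long; strtol clamped it */
        return false;
    if (v <= 0 || v > max)    /* zero, negative, or above the caller's limit */
        return false;
    *out = (int)v;            /* safe: 0 < v <= max <= INT_MAX */
    *p = end;
    return true;
}

/* Hypothetical helper: parse "width height ncolors cpp" from untrusted input.
   Outputs are only meaningful when the function returns true. */
bool parse_xpm_values(const char *s, int *w, int *h, int *ncolors, int *cpp)
{
    return parse_field(&s, MAX_DIM, w)
        && parse_field(&s, MAX_DIM, h)
        && parse_field(&s, INT_MAX, ncolors)
        && parse_field(&s, MAX_CPP, cpp);
}
```

With both dimensions capped at MAX_DIM, the product width * height also stays below INT_MAX, so a later pixel-count computation cannot overflow an int.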




This bug report was last modified 264 days ago.


