GNU bug report logs - #72245
[PATCH] Fix integer overflow when reading XPM

Previous Next

Package: emacs;

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 22 Jul 2024 14:37:02 UTC

Severity: minor

Tags: patch

Fixed in version 31.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Po Lu <luangruo <at> yahoo.com>
Cc: 72245 <at> debbugs.gnu.org
Subject: bug#72245: [PATCH] Fix integer overflow when reading XPM
Date: Mon, 22 Jul 2024 20:04:23 -0700

Po Lu <luangruo <at> yahoo.com> writes:

> Stefan Kangas <stefankangas <at> gmail.com> writes:
>
>> Severity: minor
>>
>> Since XPM files are untrusted input, I think we'd better handle
>> integer
>> overflow when parsing it, in case the file is malformed.
>>
>> Proposed patch attached.
>
> What are the security implications of accepting whatever scanf produces
> in the event of an overflow?

There is a good summary here:

    https://cwe.mitre.org/data/definitions/190.html

This bug report was last modified 264 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #72245 [PATCH] Fix integer overflow when reading XPM

GNU bug report logs - #72245
[PATCH] Fix integer overflow when reading XPM