
[Git][xorg-team/app/xterm][debian-unstable] 2 commits: Cherry-pick sixel graphics fixes from xterm 370d and 370f




Sven Joachim pushed to branch debian-unstable at X Strike Force / app / xterm

Commits:

3 changed files:

Changes:

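--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+xterm (370-2) unstable; urgency=medium
+
+  * Cherry-pick sixel graphics fixes from xterm 370d and 370f.
+    - Check for out-of-bounds condition while drawing sixels, and quit
+      that operation (report by Nick Black (CVE-2022-24130),
+      Closes: #1004689).
+
+ -- Sven Joachim <svenjoac@gmx.de>  Tue, 01 Feb 2022 20:56:55 +0100
+
 xterm (370-1) unstable; urgency=medium
 
   * New upstream release.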

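--- a/debian/patches/CVE-2022-24130.diff
+++ b/debian/patches/CVE-2022-24130.diff
@@ -0,0 +1,73 @@
+Description: Cherry-pick sixel graphics fixes from xterm 370d and 370f
+ Check for out-of-bounds condition while drawing sixels, and quit that
+ operation (report by Nick Black, CVE-2022-24130).
+Bug-Debian: https://bugs.debian.org/1004689
+
+---
+ graphics_sixel.c |   25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+--- a/graphics_sixel.c
++++ b/graphics_sixel.c
+@@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic,
+     graphic->color_registers_used[context->background] = 1;
+ }
+ 
+-static void
++static Boolean
+ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
+ {
+     const int mh = graphic->max_height;
+@@ -170,7 +170,10 @@ set_sixel(Graphic *graphic, SixelContext
+ 	   ((color != COLOR_HOLE)
+ 	    ? (unsigned) graphic->color_registers[color].b : 0U)));
+     for (pix = 0; pix < 6; pix++) {
+-	if (context->col < mw && context->row + pix < mh) {
++	if (context->col >= 0 &&
++	    context->col < mw &&
++	    context->row + pix >= 0 &&
++	    context->row + pix < mh) {
+ 	    if (sixel & (1 << pix)) {
+ 		if (context->col + 1 > graphic->actual_width) {
+ 		    graphic->actual_width = context->col + 1;
+@@ -183,8 +186,10 @@ set_sixel(Graphic *graphic, SixelContext
+ 	    }
+ 	} else {
+ 	    TRACE(("sixel pixel %d out of bounds\n", pix));
++	    return False;
+ 	}
+     }
++    return True;
+ }
+ 
+ static void
+@@ -462,8 +467,12 @@ parse_sixel(XtermWidget xw, ANSI *params
+ 		init_sixel_background(graphic, &context);
+ 		graphic->valid = 1;
+ 	    }
+-	    if (sixel)
+-		set_sixel(graphic, &context, sixel);
++	    if (sixel) {
++		if (!set_sixel(graphic, &context, sixel)) {
++		    context.col = 0;
++		    break;
++		}
++	    }
+ 	    context.col++;
+ 	} else if (ch == '$') {	/* DECGCR */
+ 	    /* ignore DECCRNLM in sixel mode */
+@@ -531,8 +540,12 @@ parse_sixel(XtermWidget xw, ANSI *params
+ 	    if (sixel) {
+ 		int i;
+ 		for (i = 0; i < Pcount; i++) {
+-		    set_sixel(graphic, &context, sixel);
+-		    context.col++;
++		    if (set_sixel(graphic, &context, sixel)) {
++			context.col++;
++		    } else {
++			context.col = 0;
++			break;
++		    }
+ 		}
+ 	    } else {
+ 		context.col += Pcount;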
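Review bot: The context line `context.col += Pcount;` at the end of the `@@ -531` hunk is left as an unchecked signed addition, so for empty sixels the column is only validated later, when set_sixel next runs its new `context->col >= 0` test. Pcount looks like the repeat count taken from the input stream (its parsing is outside the hunk), so I would bound it at the source, e.g. `if (Pcount > INT_MAX - context.col) { context.col = 0; break; }` ahead of the add, assuming col is non-negative at that point. The two failure paths also differ: the `break` in the `@@ -462` hunk leaves whatever loop encloses the if/else chain, while the one in the `@@ -531` hunk leaves only the inner `for (i = 0; i < Pcount; i++)`, so parsing apparently continues at column 0. A one-line comment there, such as `/* stop the repeat only; later sixels restart at column 0 */`, would record whether that is intended. parse_sixel begins and ends outside these hunks.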

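--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 900_debian_xterm.diff
 902_windowops.diff
 904_fontops.diff
+CVE-2022-24130.diff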

