libx11: Changes to 'debian-wheezy'

Sat, 14 Jan 2017 10:57:46 -0800 

 debian/changelog |    7 +++++++
 src/FontNames.c  |    6 ++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

New commits:
commit d3ee64d836b41fc58c2e1664cfa425b791eb4271
Author: Emilio Pozuelo Monfort <po...@debian.org>
Date:   Sat Jan 14 16:43:53 2017 +0100

    Upload to wheezy-security

diff --git a/debian/changelog b/debian/changelog
index ae6b0e7..b5b1a76 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libx11 (2:1.5.0-1+deb7u4) wheezy-security; urgency=medium
+
+  * Cherry-pick upstream commit c74b070, fix a possible invalid free
+    introduced in commit 20a3f99.
+
+ -- Emilio Pozuelo Monfort <po...@debian.org>  Sat, 14 Jan 2017 16:43:43 +0100
+
 libx11 (2:1.5.0-1+deb7u3) wheezy-security; urgency=medium
 
   * Cherry-pick upstream commits 8c29f16 and 8ea762f:

commit a2dc2a69d6b4a3706ea3b3ac1b05c250ae8c7be3
Author: Julien Cristau <jcris...@debian.org>
Date:   Sat Jan 7 16:20:31 2017 +0100

    Fix wrong Xfree in XListFonts failure path
    
    'ch' gets moved inside the allocated buffer as we're looping through
    fonts, so keep a reference to the start of the buffer so we can pass
    that to Xfree in the failure case.
    
    Fixes: commit 20a3f99eba5001925b8b313da3accb7900eb1927 "Plug a memory leak"
    
    Signed-off-by: Julien Cristau <jcris...@debian.org>
    Reviewed-by: Alan Coopersmith <alan.coopersm...@oracle.com>
    Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net>

diff --git a/src/FontNames.c b/src/FontNames.c
index 86db2e5..31f671c 100644
--- a/src/FontNames.c
+++ b/src/FontNames.c
@@ -43,6 +43,7 @@ int *actualCount)     /* RETURN */
     register int length;
     char **flist = NULL;
     char *ch = NULL;
+    char *chstart;
     char *chend;
     int count = 0;
     xListFontsReply rep;
@@ -86,6 +87,7 @@ int *actualCount)     /* RETURN */
        /*
         * unpack into null terminated strings.
         */
+       chstart = ch;
        chend = ch + (rlen + 1);
        length = *(unsigned char *)ch;
        *ch = 1; /* make sure it is non-zero for XFreeFontNames */
@@ -98,14 +100,14 @@ int *actualCount)  /* RETURN */
                    *ch = '\0';  /* and replace with null-termination */
                    count++;
                } else {
-                    Xfree(ch);
+                    Xfree(chstart);
                     Xfree(flist);
                     flist = NULL;
                     count = 0;
                     break;
                }
            } else {
-                Xfree(ch);
+                Xfree(chstart);
                 Xfree(flist);
                 flist = NULL;
                 count = 0;

Reply via email to