zjl/new
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
new/yocto/poky/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch
zjl 295e01dc7a first commit
2025-05-10 21:58:58 +08:00

59 lines
2.0 KiB
Diff
Raw Blame History

From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Tue, 4 Oct 2022 18:26:17 -0400
Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1d11822601fd24a396b354fa616b04ed3df8b4ef]
CVE: CVE-2022-3554
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
fix a memory leak in XRegisterIMInstantiateCallback
Analysis:
_XimRegisterIMInstantiateCallback() opens an XIM and closes it using
the internal function pointers, but the internal close function does
not free the pointer to the XIM (this would be done in XCloseIM()).
Report/patch:
Date: Mon, 03 Oct 2022 18:47:32 +0800
From: Po Lu <luangruo@yahoo.com>
To: xorg-devel@lists.x.org
Subject: Re: Yet another leak in Xlib
For reference, here's how I'm calling XRegisterIMInstantiateCallback:
XSetLocaleModifiers ("");
XRegisterIMInstantiateCallback (compositor.display,
XrmGetDatabase (compositor.display),
(char *) compositor.resource_name,
(char *) compositor.app_name,
IMInstantiateCallback, NULL);
and XMODIFIERS is:
@im=ibus
Signed-off-by: Thomas E. Dickey's avatarThomas E. Dickey <dickey@invisible-island.net>
---
modules/im/ximcp/imInsClbk.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
index 95b379c..c10e347 100644
--- a/modules/im/ximcp/imInsClbk.c
+++ b/modules/im/ximcp/imInsClbk.c
@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
if( xim ) {
lock = True;
xim->methods->close( (XIM)xim );
+ /* XIMs must be freed manually after being opened; close just
+ does the protocol to deinitialize the IM. */
+ XFree( xim );
lock = False;
icb->call = True;
callback( display, client_data, NULL );
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink