File U_0001-Fix-an-integer-overflow-in-init_om.patch of Package libX11
From acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Thu, 13 Aug 2020 18:02:58 +0200
Subject: [PATCH] Fix an integer overflow in init_om()
CVE-2020-14363
This can lead to a double free later, as reported by Jayden Rivers.
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
---
modules/om/generic/omGeneric.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: libX11-1.6.5/modules/om/generic/omGeneric.c
===================================================================
--- libX11-1.6.5.orig/modules/om/generic/omGeneric.c
+++ libX11-1.6.5/modules/om/generic/omGeneric.c
@@ -1920,7 +1920,8 @@ init_om(
char **required_list;
XOrientation *orientation;
char **value, buf[BUFSIZ], *bufptr;
- int count = 0, num = 0, length = 0;
+ int count = 0, num = 0;
+ unsigned int length = 0;
_XlcGetResource(lcd, "XLC_FONTSET", "on_demand_loading", &value, &count);
if (count > 0 && _XlcCompareISOLatin1(*value, "True") == 0)