xcursor: fix CVE-2013-2003

The libXcursor fix for CVE-2013-2003 has never been imported into wlroots, leaving it vulnerable to it. Changing the argument type to an unsigned type is an effective merge of Ilja Van Sprundel's commit in libXcursor. Proof of Concept (compile with address sanitizer): $ mkdir -p ~/.local/share/icons/poc/cursors $ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \ ~/.local/share/icons/poc/cursors/poc $ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config $ sway -c ~/poc-config
author: Tobias Stoeckmann <tobias@stoeckmann.org> 2021-05-02 16:48:21 +0200
committer: Simon Ser <contact@emersion.fr> 2021-05-02 17:04:59 +0200
commit: d0c1f0c0b6370a0462fcb30d041e37f22fe33076 (patch)
tree: 49dfe57d9fc046df6642d2700d12179153d01356 /xcursor
parent: 66d5805594803adf44c9213142903b7f5e74c1b0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/xcursor/xcursor.c b/xcursor/xcursor.c
index 5c4538a2..4415a659 100644
--- a/xcursor/xcursor.c
+++ b/xcursor/xcursor.c
@@ -301,7 +301,7 @@ _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
 }
 
 static XcursorFileHeader *
-_XcursorFileHeaderCreate (int ntoc)
+_XcursorFileHeaderCreate (XcursorUInt ntoc)
 {
     XcursorFileHeader	*fileHeader;
author	Tobias Stoeckmann <tobias@stoeckmann.org>	2021-05-02 16:48:21 +0200
committer	Simon Ser <contact@emersion.fr>	2021-05-02 17:04:59 +0200
commit	d0c1f0c0b6370a0462fcb30d041e37f22fe33076 (patch)
tree	49dfe57d9fc046df6642d2700d12179153d01356 /xcursor
parent	66d5805594803adf44c9213142903b7f5e74c1b0 (diff)