From aa7287efbf0e7f7ab13e46bb85ae71981e1ac3bd Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Thu, 9 Apr 2026 22:55:01 +0000 Subject: [PATCH] wmaker: check RCreateImage() result for _NET_WM_ICON makeRImageFromARGBData() dereferences image->data immediately after RCreateImage() without checking for NULL. A client that advertises a 20000x20000 icon makes RCreateImage() try a 1.6 GB malloc, on failure wmaker segfaults. --- src/wmspec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/wmspec.c b/src/wmspec.c index 26f4a5a6..2d9b4611 100644 --- a/src/wmspec.c +++ b/src/wmspec.c @@ -408,6 +408,8 @@ static RImage *makeRImageFromARGBData(unsigned long *data) return NULL; image = RCreateImage(width, height, True); + if (!image) + return NULL; for (imgdata = image->data, i = 2; i < size + 2; i++, imgdata += 4) { pixel = data[i];