File U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch of Package libXfont.1655

From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Date: Mon Jul 13 14:43:06 2015 -0400
Subject: [PATCH]bdfReadCharacters: Allow negative DWIDTH values
Patch-mainline: Upstream
Git-commit: 1a73d6828dfa03924f2d68644fb5b99afd9c78e2
Git-repo: git://anongit.freedesktop.org/git/xorg/lib/libXfont
References: boo#958383
Signed-off-by: Egbert Eich <eich@suse.com>

The fix for CVE-2015-1804 prevent DWIDTH to be negative.
However, the spec states that "DWIDTH [...] is a vector indicating the
position of the next glyph’s origin relative to the origin of this glyph."

So negative values are correct.

Found by trying to compile XTS.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 src/bitmap/bdfread.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
index a0ace8f..eccd7b7 100644
--- a/src/bitmap/bdfread.c
+++ b/src/bitmap/bdfread.c
@@ -426,7 +426,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
 	    goto BAILOUT;
 	}
 	/* xCharInfo metrics are stored as INT16 */
-	if ((wx < 0) || (wx > INT16_MAX)) {
+	if ((wx < INT16_MIN) || (wx > INT16_MAX)) {
 	    bdfError("character '%s' has out of range width, %d\n",
 		     charName, wx);
 	    goto BAILOUT;
openSUSE Build Service is sponsored by