File u_libxfont_bdfreadproperties_property_count_needs_range_check.patch of Package libXfont.1655

Subject: bdfReadProperties: property count needs range check
References: bnc#921978, CVE-2015-1802
Signed-off-by: msrb@suse.com

 check [CVE-2015-AAAA]
---
 src/bitmap/bdfread.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/src/bitmap/bdfread.c	
+++ a/src/bitmap/bdfread.c	
@@ -604,7 +604,9 @@ bdfReadProperties(FontFilePtr file, FontPtr pFont, bdfFileState *pState)
 	bdfError("missing 'STARTPROPERTIES'\n");
 	return (FALSE);
     }
-    if (sscanf((char *) line, "STARTPROPERTIES %d", &nProps) != 1) {
+    if ((sscanf((char *) line, "STARTPROPERTIES %d", &nProps) != 1) ||
+	(nProps <= 0) ||
+	(nProps > ((INT32_MAX / sizeof(FontPropRec)) - BDF_GENPROPS))) {
 	bdfError("bad 'STARTPROPERTIES'\n");
 	return (FALSE);
     }
--
openSUSE Build Service is sponsored by