DISCONTINUED:openSUSE:11.2:Update
File bnc629447_CVE-2010-2806.diff of Package freetype2
From c06da1ad34663da7b6fc39b030dc3ae185b96557 Mon Sep 17 00:00:00 2001 From: Werner Lemberg <wl@gnu.org> Date: Thu, 05 Aug 2010 21:15:26 +0000 Subject: Fix Savannah bug #30656. * src/type42/t42parse.c (t42_parse_sfnts): Protect against negative string_size. Fix comparison. --- --- src/type42/t42parse.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) Index: freetype-2.3.9/src/type42/t42parse.c =================================================================== --- freetype-2.3.9.orig/src/type42/t42parse.c +++ freetype-2.3.9/src/type42/t42parse.c @@ -4,7 +4,7 @@ /* */ /* Type 42 font parser (body). */ /* */ -/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ +/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */ /* Roberto Alameda. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -576,6 +576,12 @@ } string_size = T1_ToInt( parser ); + if ( string_size < 0 ) + { + FT_ERROR(( "t42_parse_sfnts: invalid string size\n" )); + error = T42_Err_Invalid_File_Format; + goto Fail; + } T1_Skip_PS_Token( parser ); /* `RD' */ if ( parser->root.error ) @@ -583,13 +589,14 @@ string_buf = parser->root.cursor + 1; /* one space after `RD' */ - parser->root.cursor += string_size + 1; - if ( parser->root.cursor >= limit ) + if ( limit - parser->root.cursor < string_size ) { FT_ERROR(( "t42_parse_sfnts: too many binary data!\n" )); error = T42_Err_Invalid_File_Format; goto Fail; } + else + parser->root.cursor += string_size + 1; } if ( !string_buf )
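Review bot: The `string_size < 0` check added after `T1_ToInt( parser )` in the @@ -576,6 +576,12 @@ hunk is what makes the later `limit - parser->root.cursor < string_size` comparison meaningful, since a negative value would always pass that comparison and then move the cursor backwards, but nothing in the code says so. A one-line comment above the check stating that `string_size` is used for pointer arithmetic further down would keep the two from being separated in a later refactor. Including the rejected value in the `FT_ERROR` message would also help when triaging malformed Type 42 fonts.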
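Review bot: In the @@ -583,13 +589,14 @@ hunk the new test `limit - parser->root.cursor < string_size` is looser than the amount the code then consumes: `string_buf` starts at `cursor + 1` and the cursor is advanced by `string_size + 1`, so when `limit - cursor` equals `string_size` the test passes and the cursor ends at `limit + 1`. The removed code rejected any advance that reached `limit`, so this is a behaviour change in the permissive direction. Suggest `limit - parser->root.cursor <= string_size` at minimum, so the advanced cursor can never exceed `limit`. The `else` after `goto Fail` is redundant and can be dropped.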