File bnc633938_CVE-2010-3053.diff of Package ft2demos

From f4c94d4b5f6b3e13415025ffa6fa07415d00104d Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 19 Jun 2010 14:08:31 +0000
Subject: Fix Savannah bug #30135.

* src/bdf/bdflib.c (_bdf_list_join): Don't modify value in static
string `empty'.
(_bdf_parse_glyph): Avoid memory leak in case of error.
---
---
 src/bdf/bdflib.c |   18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

Index: freetype-2.3.9/src/bdf/bdflib.c
===================================================================
--- freetype-2.3.9.orig/src/bdf/bdflib.c
+++ freetype-2.3.9/src/bdf/bdflib.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 2000 Computing Research Labs, New Mexico State University
- * Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009
+ * Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009, 2010
  *   Francesco Zappa Nardelli
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -470,6 +470,11 @@
   }
 
 
+  /* An empty string for empty fields. */
+
+  static const char  empty[1] = { 0 };      /* XXX eliminate this */
+
+
   static char *
   _bdf_list_join( _bdf_list_t*    list,
                   int             c,
@@ -494,18 +499,14 @@
       if ( i + 1 < list->used )
         dp[j++] = (char)c;
     }
-    dp[j] = 0;
+    if ( dp != empty )
+      dp[j] = 0;
 
     *alen = j;
     return dp;
   }
 
 
-  /* An empty string for empty fields. */
-
-  static const char  empty[1] = { 0 };      /* XXX eliminate this */
-
-
   static FT_Error
   _bdf_list_split( _bdf_list_t*   list,
                    char*          separators,
@@ -1865,6 +1866,9 @@
     error = BDF_Err_Invalid_File_Format;
 
   Exit:
+    if ( error && ( p->flags & _BDF_GLYPH ) )
+      FT_FREE( p->glyph_name );
+
     return error;
   }