Overview

File CVE-2014-9672.patch of Package freetype2.449

From 18a8f0d9943369449bc4de92d411c78fb08d616c Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
Date: Wed, 26 Nov 2014 07:11:38 +0000
Subject: Fix Savannah bug #43540.

* src/base/ftmac.c (parse_fond): Prevent a buffer overrun
caused by a font including too many (> 63) strings to store
names[] table.
---
diff --git a/src/base/ftmac.c b/src/base/ftmac.c
index 9b49da8..184a2e1 100644
--- a/src/base/ftmac.c
+++ b/src/base/ftmac.c
@@ -440,9 +440,10 @@
       style = (StyleTable*)p;
       p += sizeof ( StyleTable );
       string_count = EndianS16_BtoN( *(short*)(p) );
+      string_count = FT_MIN( 64, string_count );
       p += sizeof ( short );
 
-      for ( i = 0; i < string_count && i < 64; i++ )
+      for ( i = 0; i < string_count; i++ )
       {
         names[i] = p;
         p       += names[i][0];
@@ -459,7 +460,7 @@
           ps_name[ps_name_len] = 0;
         }
         if ( style->indexes[face_index] > 1 &&
-             style->indexes[face_index] <= FT_MIN( string_count, 64 ) )
+             style->indexes[face_index] <= string_count )
         {
           unsigned char*  suffixes = names[style->indexes[face_index] - 1];
 
--
cgit v0.9.0.2
openSUSE Build Service is sponsored by
Places