File CVE-2014-9675.patch of Package freetype2.449
From 2c4832d30939b45c05757f0a05128ce64c4cacc7 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Fri, 07 Nov 2014 06:42:33 +0000
Subject: Fix Savannah bug #43535.
* src/bdf/bdflib.c (_bdf_strncmp): New macro that checks one
character more than `strncmp'.
s/ft_strncmp/_bdf_strncmp/ everywhere.
---
Index: freetype-2.5.3/src/bdf/bdflib.c
===================================================================
--- freetype-2.5.3.orig/src/bdf/bdflib.c
+++ freetype-2.5.3/src/bdf/bdflib.c
@@ -169,6 +169,18 @@
sizeof ( _bdf_properties[0] );
+ /* An auxiliary macro to parse properties, to be used in conditionals. */
+ /* It behaves like `strncmp' but also tests the following character */
+ /* whether it is a whitespace or NULL. */
+ /* `property' is a constant string of length `n' to compare with. */
+#define _bdf_strncmp( name, property, n ) \
+ ( ft_strncmp( name, property, n ) || \
+ !( name[n] == ' ' || \
+ name[n] == '\0' || \
+ name[n] == '\n' || \
+ name[n] == '\r' || \
+ name[n] == '\t' ) )
+
/* Auto correction messages. */
#define ACMSG1 "FONT_ASCENT property missing. " \
"Added `FONT_ASCENT %hd'.\n"
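Review bot: The new `_bdf_strncmp` macro is only safe when `n` equals the length of the `property` literal, and nothing enforces that at the many call sites in this patch, which all pass a hand-counted number. If `n` were larger than the literal, `ft_strncmp` could return 0 at the terminator and `name[n]` would then be read past the end of the string; with a correct `n` the read is guarded by the short-circuit `||`. I would record that in the comment, e.g. `/* n must equal the length of property; name[n] is read only after the first n characters matched. */`, and write the argument as `(name)[n]`. The comment should also say "NUL" rather than "NULL", since the terminating character is what is tested, and note that the result is only zero or non-zero, not an ordering as with `strncmp`.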
@@ -1408,7 +1420,7 @@
/* If the property happens to be a comment, then it doesn't need */
/* to be added to the internal hash table. */
- if ( ft_strncmp( name, "COMMENT", 7 ) != 0 )
+ if ( _bdf_strncmp( name, "COMMENT", 7 ) != 0 )
{
/* Add the property to the font property table. */
error = hash_insert( fp->name,
@@ -1426,13 +1438,13 @@
/* FONT_ASCENT and FONT_DESCENT need to be assigned if they are */
/* present, and the SPACING property should override the default */
/* spacing. */
- if ( ft_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 )
+ if ( _bdf_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 )
font->default_char = fp->value.l;
- else if ( ft_strncmp( name, "FONT_ASCENT", 11 ) == 0 )
+ else if ( _bdf_strncmp( name, "FONT_ASCENT", 11 ) == 0 )
font->font_ascent = fp->value.l;
- else if ( ft_strncmp( name, "FONT_DESCENT", 12 ) == 0 )
+ else if ( _bdf_strncmp( name, "FONT_DESCENT", 12 ) == 0 )
font->font_descent = fp->value.l;
- else if ( ft_strncmp( name, "SPACING", 7 ) == 0 )
+ else if ( _bdf_strncmp( name, "SPACING", 7 ) == 0 )
{
if ( !fp->value.atom )
{
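Review bot: The DEFAULT_CHAR, FONT_ASCENT and FONT_DESCENT branches still read `fp->value.l` on the strength of the name match alone, while the SPACING branch uses `fp->value.atom`, so the value is evidently stored in more than one representation. The stricter comparison removes the prefix-match case, but the reads would not depend on name matching at all if each branch also confirmed the property's stored type before using the integer member. The type field is not visible in this hunk, so I cannot quote the exact check. If the property table does guarantee an integer type for these names, a comment such as `/* these names are built-in integer properties, so value.l is the active member */` would at least record the assumption. The enclosing function starts and ends outside the hunk.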
@@ -1490,7 +1502,7 @@
memory = font->memory;
/* Check for a comment. */
- if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
+ if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
{
linelen -= 7;
@@ -1507,7 +1519,7 @@
/* The very first thing expected is the number of glyphs. */
if ( !( p->flags & _BDF_GLYPHS ) )
{
- if ( ft_strncmp( line, "CHARS", 5 ) != 0 )
+ if ( _bdf_strncmp( line, "CHARS", 5 ) != 0 )
{
FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "CHARS" ));
error = FT_THROW( Missing_Chars_Field );
@@ -1541,7 +1553,7 @@
}
/* Check for the ENDFONT field. */
- if ( ft_strncmp( line, "ENDFONT", 7 ) == 0 )
+ if ( _bdf_strncmp( line, "ENDFONT", 7 ) == 0 )
{
if ( p->flags & _BDF_GLYPH_BITS )
{
@@ -1563,7 +1575,7 @@
}
/* Check for the ENDCHAR field. */
- if ( ft_strncmp( line, "ENDCHAR", 7 ) == 0 )
+ if ( _bdf_strncmp( line, "ENDCHAR", 7 ) == 0 )
{
p->glyph_enc = 0;
p->flags &= ~_BDF_GLYPH_BITS;
@@ -1579,7 +1591,7 @@
goto Exit;
/* Check for the STARTCHAR field. */
- if ( ft_strncmp( line, "STARTCHAR", 9 ) == 0 )
+ if ( _bdf_strncmp( line, "STARTCHAR", 9 ) == 0 )
{
/* Set the character name in the parse info first until the */
/* encoding can be checked for an unencoded character. */
@@ -1613,7 +1625,7 @@
}
/* Check for the ENCODING field. */
- if ( ft_strncmp( line, "ENCODING", 8 ) == 0 )
+ if ( _bdf_strncmp( line, "ENCODING", 8 ) == 0 )
{
if ( !( p->flags & _BDF_GLYPH ) )
{
@@ -1799,7 +1811,7 @@
}
/* Expect the SWIDTH (scalable width) field next. */
- if ( ft_strncmp( line, "SWIDTH", 6 ) == 0 )
+ if ( _bdf_strncmp( line, "SWIDTH", 6 ) == 0 )
{
if ( !( p->flags & _BDF_ENCODING ) )
goto Missing_Encoding;
@@ -1815,7 +1827,7 @@
}
/* Expect the DWIDTH (scalable width) field next. */
- if ( ft_strncmp( line, "DWIDTH", 6 ) == 0 )
+ if ( _bdf_strncmp( line, "DWIDTH", 6 ) == 0 )
{
if ( !( p->flags & _BDF_ENCODING ) )
goto Missing_Encoding;
@@ -1843,7 +1855,7 @@
}
/* Expect the BBX field next. */
- if ( ft_strncmp( line, "BBX", 3 ) == 0 )
+ if ( _bdf_strncmp( line, "BBX", 3 ) == 0 )
{
if ( !( p->flags & _BDF_ENCODING ) )
goto Missing_Encoding;
@@ -1911,7 +1923,7 @@
}
/* And finally, gather up the bitmap. */
- if ( ft_strncmp( line, "BITMAP", 6 ) == 0 )
+ if ( _bdf_strncmp( line, "BITMAP", 6 ) == 0 )
{
unsigned long bitmap_size;
@@ -1986,7 +1998,7 @@
p = (_bdf_parse_t *) client_data;
/* Check for the end of the properties. */
- if ( ft_strncmp( line, "ENDPROPERTIES", 13 ) == 0 )
+ if ( _bdf_strncmp( line, "ENDPROPERTIES", 13 ) == 0 )
{
/* If the FONT_ASCENT or FONT_DESCENT properties have not been */
/* encountered yet, then make sure they are added as properties and */
@@ -2027,12 +2039,12 @@
}
/* Ignore the _XFREE86_GLYPH_RANGES properties. */
- if ( ft_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
+ if ( _bdf_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
goto Exit;
/* Handle COMMENT fields and properties in a special way to preserve */
/* the spacing. */
- if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
+ if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
{
name = value = line;
value += 7;
@@ -2096,7 +2108,7 @@
/* Check for a comment. This is done to handle those fonts that have */
/* comments before the STARTFONT line for some reason. */
- if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
+ if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
{
if ( p->opts->keep_comments != 0 && p->font != 0 )
{
@@ -2122,7 +2134,7 @@
{
memory = p->memory;
- if ( ft_strncmp( line, "STARTFONT", 9 ) != 0 )
+ if ( _bdf_strncmp( line, "STARTFONT", 9 ) != 0 )
{
/* we don't emit an error message since this code gets */
/* explicitly caught one level higher */
@@ -2170,7 +2182,7 @@
}
/* Check for the start of the properties. */
- if ( ft_strncmp( line, "STARTPROPERTIES", 15 ) == 0 )
+ if ( _bdf_strncmp( line, "STARTPROPERTIES", 15 ) == 0 )
{
if ( !( p->flags & _BDF_FONT_BBX ) )
{
@@ -2199,7 +2211,7 @@
}
/* Check for the FONTBOUNDINGBOX field. */
- if ( ft_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
+ if ( _bdf_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
{
if ( !( p->flags & _BDF_SIZE ) )
{
@@ -2230,7 +2242,7 @@
}
/* The next thing to check for is the FONT field. */
- if ( ft_strncmp( line, "FONT", 4 ) == 0 )
+ if ( _bdf_strncmp( line, "FONT", 4 ) == 0 )
{
error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
if ( error )
@@ -2265,7 +2277,7 @@
}
/* Check for the SIZE field. */
- if ( ft_strncmp( line, "SIZE", 4 ) == 0 )
+ if ( _bdf_strncmp( line, "SIZE", 4 ) == 0 )
{
if ( !( p->flags & _BDF_FONT_NAME ) )
{
@@ -2319,7 +2331,7 @@
}
/* Check for the CHARS field -- font properties are optional */
- if ( ft_strncmp( line, "CHARS", 5 ) == 0 )
+ if ( _bdf_strncmp( line, "CHARS", 5 ) == 0 )
{
char nbuf[128];