Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
freetype2.16835
CVE-2020-15999.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-15999.patch of Package freetype2.16835
From a3bab162b2ae616074c8877a04556932998aeacd Mon Sep 17 00:00:00 2001 From: Werner Lemberg <wl@gnu.org> Date: Mon, 19 Oct 2020 23:45:28 +0200 Subject: [sfnt] Fix heap buffer overflow (#59308). This is CVE-2020-15999. * src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier. --- src/sfnt/pngshim.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/sfnt') diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c index 2e64e5846..f55016122 100644 --- a/src/sfnt/pngshim.c +++ b/src/sfnt/pngshim.c @@ -258,6 +258,14 @@ if ( populate_map_and_metrics ) { + + /* reject too large bitmaps similarly to the rasterizer */ + if ( imgHeight > 0x7FFF || imgWidth > 0x7FFF ) + { + error = FT_THROW( Array_Too_Large ); + goto DestroyExit; + } + FT_ULong size; @@ -270,13 +278,6 @@ map->pitch = (int)( map->width * 4 ); map->num_grays = 256; - /* reject too large bitmaps similarly to the rasterizer */ - if ( map->rows > 0x7FFF || map->width > 0x7FFF ) - { - error = FT_THROW( Array_Too_Large ); - goto DestroyExit; - } - /* this doesn't overflow: 0x7FFF * 0x7FFF * 4 < 2^32 */ size = map->rows * (FT_ULong)map->pitch;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor