Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:AndreasSchwab:13.1
freetype2
CVE-2014-9667.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2014-9667.patch of Package freetype2
From 677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 Mon Sep 17 00:00:00 2001 From: Werner Lemberg <wl@gnu.org> Date: Wed, 12 Nov 2014 20:26:44 +0000 Subject: [sfnt] Fix Savannah bug #43590. * src/sfnt/ttload.c (check_table_dir, tt_face_load_font_dir): Protect against addition overflow. --- Index: freetype-2.5.0.1/src/sfnt/ttload.c =================================================================== --- freetype-2.5.0.1.orig/src/sfnt/ttload.c +++ freetype-2.5.0.1/src/sfnt/ttload.c @@ -207,7 +207,10 @@ } /* we ignore invalid tables */ - if ( table.Offset + table.Length > stream->size ) + + /* table.Offset + table.Length > stream->size ? */ + if ( table.Length > stream->size || + table.Offset > stream->size - table.Length ) { FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn )); continue; @@ -398,7 +401,10 @@ entry->Length = FT_GET_LONG(); /* ignore invalid tables */ - if ( entry->Offset + entry->Length > stream->size ) + + /* entry->Offset + entry->Length > stream->size ? */ + if ( entry->Length > stream->size || + entry->Offset > stream->size - entry->Length ) continue; else {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor