Overview

File CVE-2012-1143.patch of Package freetype2

From ba67957d5ead443f4b6b31805d6e780d54361ca4 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 03 Mar 2012 11:27:18 +0000
Subject: Fix Savannah bug #35660.

For some divisions, we use casts to 32bit entities.  Always guard
against division by zero with these casts also.

* src/base/ftcalc.c (ft_div64by32): Remove redundant cast.
(FT_MulDiv, FT_MulDiv_No_Round): Add 32bit cast.
(FT_DivFix): Add 32bit cast (this omission triggered the bug).
---
---
 src/base/ftcalc.c |   17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

Index: freetype-2.4.4/src/base/ftcalc.c
===================================================================
--- freetype-2.4.4.orig/src/base/ftcalc.c
+++ freetype-2.4.4/src/base/ftcalc.c
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Arithmetic computations (body).                                      */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2008 by             */
+/*  Copyright 1996-2006, 2008, 2012 by                                     */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -307,7 +307,7 @@
       q <<= 1;
       r  |= lo >> 31;
 
-      if ( r >= (FT_UInt32)y )
+      if ( r >= y )
       {
         r -= y;
         q |= 1;
@@ -373,7 +373,7 @@
     if ( a <= 46340L && b <= 46340L && c <= 176095L && c > 0 )
       a = ( a * b + ( c >> 1 ) ) / c;
 
-    else if ( c > 0 )
+    else if ( (FT_Int32)c > 0 )
     {
       FT_Int64  temp, temp2;
 
@@ -412,7 +412,7 @@
     if ( a <= 46340L && b <= 46340L && c > 0 )
       a = a * b / c;
 
-    else if ( c > 0 )
+    else if ( (FT_Int32)c > 0 )
     {
       FT_Int64  temp;
 
@@ -544,7 +544,7 @@
     s  = (FT_Int32)a; a = FT_ABS( a );
     s ^= (FT_Int32)b; b = FT_ABS( b );
 
-    if ( b == 0 )
+    if ( (FT_UInt32)b == 0 )
     {
       /* check for division by 0 */
       q = (FT_UInt32)0x7FFFFFFFL;
@@ -552,15 +552,16 @@
     else if ( ( a >> 16 ) == 0 )
     {
       /* compute result directly */
-      q = (FT_UInt32)( (a << 16) + (b >> 1) ) / (FT_UInt32)b;
+      q = (FT_UInt32)( ( a << 16 ) + ( b >> 1 ) ) / (FT_UInt32)b;
     }
     else
     {
       /* we need more bits; we have to do it by hand */
       FT_Int64  temp, temp2;
 
-      temp.hi  = (FT_Int32) (a >> 16);
-      temp.lo  = (FT_UInt32)(a << 16);
+
+      temp.hi  = (FT_Int32) ( a >> 16 );
+      temp.lo  = (FT_UInt32)( a << 16 );
       temp2.hi = 0;
       temp2.lo = (FT_UInt32)( b >> 1 );
       FT_Add64( &temp, &temp2, &temp );
openSUSE Build Service is sponsored by
Places