File bnc730124_CVE-2011-3256.patch of Package freetype2.418
---
 include/freetype/config/ftstdlib.h | 1 +
 src/base/ftbitmap.c | 4 ++++
 src/psaux/t1decode.c | 7 +++++++
 src/raster/ftrend1.c | 7 +++++++
 src/truetype/ttgxvar.c | 3 +++
 5 files changed, 22 insertions(+)
Index: freetype-2.4.4/src/base/ftbitmap.c
===================================================================
--- freetype-2.4.4.orig/src/base/ftbitmap.c
+++ freetype-2.4.4/src/base/ftbitmap.c
@@ -417,6 +417,10 @@
 target->pitch = source->width + pad;
+ if ( target->pitch > 0 &&
+ target->rows > FT_ULONG_MAX / target->pitch )
+ return FT_Err_Invalid_Argument;
+
 if ( target->rows * target->pitch > old_size && FT_QREALLOC( target->buffer, old_size, target->rows * target->pitch ) )
Index: freetype-2.4.4/src/psaux/t1decode.c
===================================================================
--- freetype-2.4.4.orig/src/psaux/t1decode.c
+++ freetype-2.4.4/src/psaux/t1decode.c
@@ -747,6 +747,13 @@
 if ( arg_cnt != 0 ) goto Unexpected_OtherSubr;
+ if ( decoder->flex_state == 0 )
+ {
+ FT_ERROR(( "t1_decoder_parse_charstrings:"
+ " missing flex start\n" ));
+ goto Syntax_Error;
+ }
+
 /* note that we should not add a point for index 0; */
 /* this will move our current position to the flex */
 /* point without adding any point to the outline */
Index: freetype-2.4.4/src/raster/ftrend1.c
===================================================================
--- freetype-2.4.4.orig/src/raster/ftrend1.c
+++ freetype-2.4.4/src/raster/ftrend1.c
@@ -168,6 +168,13 @@
 width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
 height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
+
+ if ( width > FT_USHORT_MAX || height > FT_USHORT_MAX )
+ {
+ error = Raster_Err_Invalid_Argument;
+ goto Exit;
+ }
+
 bitmap = &slot->bitmap;
 memory = render->root.memory;
Index: freetype-2.4.4/src/truetype/ttgxvar.c
===================================================================
--- freetype-2.4.4.orig/src/truetype/ttgxvar.c
+++ freetype-2.4.4/src/truetype/ttgxvar.c
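Review bot: The new guard in the ftbitmap.c hunk bounds `target->rows` by `FT_ULONG_MAX / target->pitch`, but the product on the following context line, `target->rows * target->pitch`, is evaluated in the type of those two fields, which is declared outside this patch. If they are narrower than unsigned long (plain int on an LP64 build, for instance), the multiplication can still overflow for values this check accepts; the bound should then match the field type, e.g. `target->rows > FT_INT_MAX / target->pitch`. Note also that `target->pitch` has already been overwritten by the assignment just above when the error is returned, so the caller gets back a bitmap whose pitch no longer describes its old buffer. The enclosing function starts and ends outside the hunk.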
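Review bot: The new `decoder->flex_state == 0` rejection in the t1decode.c hunk carries no comment saying what it protects, and the reason is not evident from this branch alone. I would add one above the test, such as `/* a flex point is only valid after a flex start othersubr */`. The flex-end handler and any other code that consumes the flex state lie outside the hunk; presumably they depend on the same precondition, so it is worth confirming that they also reject a charstring that never issued a flex start. The enclosing case continues beyond the visible lines.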
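Review bot: The range test in the ftrend1.c hunk runs after `width` and `height` have already been narrowed by the `(FT_UInt)` casts on the two context lines above it, so it only sees the truncated values. If the `cbox` coordinates are wider than FT_UInt (their type is declared outside the patch; a 64-bit long would be), an extent whose low bits happen to be small passes the check although the real box is far beyond the 16-bit limit. Testing the un-narrowed difference first, e.g. `if ( ( cbox.xMax - cbox.xMin ) >> 6 > FT_USHORT_MAX || ( cbox.yMax - cbox.yMin ) >> 6 > FT_USHORT_MAX )`, and casting only afterwards would close that gap; a negative extent needs rejecting in the same test. The function body continues outside the hunk.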
@@ -1474,6 +1474,9 @@
 {
 for ( j = 0; j < point_count; ++j )
 {
+ if ( localpoints[j] >= n_points )
+ continue;
+
 delta_xy[localpoints[j]].x += FT_MulFix( deltas_x[j], apply );
 delta_xy[localpoints[j]].y += FT_MulFix( deltas_y[j], apply );
 }
Index: freetype-2.4.4/include/freetype/config/ftstdlib.h
===================================================================
--- freetype-2.4.4.orig/include/freetype/config/ftstdlib.h
+++ freetype-2.4.4/include/freetype/config/ftstdlib.h
@@ -63,6 +63,7 @@
 #define FT_INT_MAX INT_MAX
 #define FT_INT_MIN INT_MIN
 #define FT_UINT_MAX UINT_MAX
+#define FT_USHORT_MAX USHRT_MAX
 #define FT_ULONG_MAX ULONG_MAX
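Review bot: The added `continue` in the ttgxvar.c hunk drops a delta without any comment or trace output, so a font with out-of-range point numbers is processed with part of its variation data silently ignored. A short comment such as `/* skip deltas that reference points outside the glyph */` would record that this is deliberate rather than an oversight. The guard covers only `localpoints[j]`; `deltas_x[j]` and `deltas_y[j]` are indexed by `j < point_count`, and whether those arrays are sized from `point_count` is decided outside the hunk and should be confirmed. The enclosing block starts before the first visible line.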