authorvlad2015-07-08 15:45:40 +0300
committervlad2015-07-08 15:45:40 +0300
commit619a79ad7ef869b81ee83ce63247db2300594337 (patch)
tree32c7927919f29774199c7958918d329adc41b4f6 /freetype-2.4.11-CVE-2014-9671.patch
Initial import
Diffstat (limited to 'freetype-2.4.11-CVE-2014-9671.patch')
-rw-r--r--freetype-2.4.11-CVE-2014-9671.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/freetype-2.4.11-CVE-2014-9671.patch b/freetype-2.4.11-CVE-2014-9671.patch
new file mode 100644
index 00000000000..a29115095cd
--- /dev/null
+++ b/freetype-2.4.11-CVE-2014-9671.patch
@@ -0,0 +1,36 @@
+From 0e2f5d518c60e2978f26400d110eff178fa7e3c3 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Thu, 06 Nov 2014 21:32:46 +0000
+Subject: Fix Savannah bug #43547.
+
+* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset'
+values.
+---
+diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
+index f63377b..8db31bd 100644
+--- a/src/pcf/pcfread.c
++++ b/src/pcf/pcfread.c
+@@ -151,6 +151,21 @@ THE SOFTWARE.
+ break;
+ }
+
++ /* we now check whether the `size' and `offset' values are reasonable: */
++ /* `offset' + `size' must not exceed the stream size */
++ tables = face->toc.tables;
++ for ( n = 0; n < toc->count; n++ )
++ {
++ /* we need two checks to avoid overflow */
++ if ( ( tables->size > stream->size ) ||
++ ( tables->offset > stream->size - tables->size ) )
++ {
++ error = PCF_Err_Invalid_Table;
++ goto Exit;
++ }
++ tables++;
++ }
++
+ #ifdef FT_DEBUG_LEVEL_TRACE
+
+ {
+--
+cgit v0.9.0.2
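Review bot: The overflow safety of the second comparison, `tables->offset > stream->size - tables->size`, rests on two things this hunk does not show: that the fields are unsigned, and that the first clause has already rejected `size > stream->size` so the subtraction cannot wrap. The existing comment says only that two checks are needed; I would state the dependency, e.g. `/* subtraction cannot wrap: the first test guarantees size <= stream->size (fields assumed unsigned) */`, so a later reorder of the clauses does not quietly reopen the overflow. The loop also walks `toc->count` entries of `face->toc.tables`, so it relies on `count` having been bounded against that array earlier in pcf_read_TOC, which begins and ends outside the hunk. This bounds each table against the stream only; the per-table readers presumably still have to keep their own reads within `size`.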