summarylogtreecommitdiffstats
path: root/freetype-2.4.11-CVE-2014-9658.patch
diff options
context:
space:
mode:
Diffstat (limited to 'freetype-2.4.11-CVE-2014-9658.patch')
-rw-r--r--freetype-2.4.11-CVE-2014-9658.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/freetype-2.4.11-CVE-2014-9658.patch b/freetype-2.4.11-CVE-2014-9658.patch
new file mode 100644
index 00000000000..7aec5c89ad3
--- /dev/null
+++ b/freetype-2.4.11-CVE-2014-9658.patch
@@ -0,0 +1,23 @@
+From f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 24 Nov 2014 08:31:32 +0000
+Subject: [sfnt] Fix Savannah bug #43672.
+
+* src/sfnt/ttkern.c (tt_face_load_kern): Use correct value for
+minimum table length test.
+---
+diff --git a/src/sfnt/ttkern.c b/src/sfnt/ttkern.c
+index 32c4008..455e7b5 100644
+--- a/src/sfnt/ttkern.c
++++ b/src/sfnt/ttkern.c
+@@ -99,7 +99,7 @@
+ length = FT_NEXT_USHORT( p );
+ coverage = FT_NEXT_USHORT( p );
+
+- if ( length <= 6 )
++ if ( length <= 6 + 8 )
+ break;
+
+ p_next += length;
+--
+cgit v0.9.0.2