summarylogtreecommitdiffstats
path: root/freetype-2.5.0-CVE-2014-2240.patch
diff options
context:
space:
mode:
Diffstat (limited to 'freetype-2.5.0-CVE-2014-2240.patch')
-rw-r--r--freetype-2.5.0-CVE-2014-2240.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/freetype-2.5.0-CVE-2014-2240.patch b/freetype-2.5.0-CVE-2014-2240.patch
new file mode 100644
index 00000000000..d838de3a265
--- /dev/null
+++ b/freetype-2.5.0-CVE-2014-2240.patch
@@ -0,0 +1,25 @@
+From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001
+From: Dave Arnold <darnold@adobe.com>
+Date: Fri, 28 Feb 2014 06:40:01 +0000
+Subject: Fix Savannah bug #41697, part 1.
+
+* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
+invalid. In this case, it is not safe to use the length of
+`hStemHintArray'; the exception has already been recorded in
+`hintMask'.
+---
+diff --git a/src/cff/cf2hints.c b/src/cff/cf2hints.c
+index 5f44161..79f84fc 100644
+--- a/src/cff/cf2hints.c
++++ b/src/cff/cf2hints.c
+@@ -781,6 +781,8 @@
+ cf2_hintmask_setAll( hintMask,
+ cf2_arrstack_size( hStemHintArray ) +
+ cf2_arrstack_size( vStemHintArray ) );
++ if ( !cf2_hintmask_isValid( hintMask ) )
++ return; /* too many stem hints */
+ }
+
+ /* begin by clearing the map */
+--
+cgit v0.9.0.2