Blame SOURCES/freetype-2.4.11-CVE-2014-9658.patch

43e195
From f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c Mon Sep 17 00:00:00 2001
43e195
From: Werner Lemberg <wl@gnu.org>
43e195
Date: Mon, 24 Nov 2014 08:31:32 +0000
43e195
Subject: [sfnt] Fix Savannah bug #43672.
43e195
43e195
* src/sfnt/ttkern.c (tt_face_load_kern): Use correct value for
43e195
minimum table length test.
43e195
---
43e195
diff --git a/src/sfnt/ttkern.c b/src/sfnt/ttkern.c
43e195
index 32c4008..455e7b5 100644
43e195
--- a/src/sfnt/ttkern.c
43e195
+++ b/src/sfnt/ttkern.c
43e195
@@ -99,7 +99,7 @@
43e195
       length   = FT_NEXT_USHORT( p );
43e195
       coverage = FT_NEXT_USHORT( p );
43e195
 
43e195
-      if ( length <= 6 )
43e195
+      if ( length <= 6 + 8 )
43e195
         break;
43e195
 
43e195
       p_next += length;
43e195
--
43e195
cgit v0.9.0.2