rpms / freetype

Clone
Source Code
GIT

Blame SOURCES/freetype-2.4.11-CVE-2014-9663.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   43e195d2838ee296c6c9a386dfb7781f5b267449
  2.   SOURCES
  3.   freetype-2.4.11-CVE-2014-9663.patch
Blob History Raw
43e195 
From 9bd20b7304aae61de5d50ac359cf27132bafd4c1 Mon Sep 17 00:00:00 2001
43e195 
From: Werner Lemberg <wl@gnu.org>
43e195 
Date: Sat, 22 Nov 2014 05:24:45 +0000
43e195 
Subject: [sfnt] Fix Savannah bug #43656.
43e195
43e195 
* src/sfnt/ttcmap.c (tt_cmap4_validate): Fix order of validity
43e195 
tests.
43e195 
---
43e195 
diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
43e195 
index 712bd4f..fb863c3 100644
43e195 
--- a/src/sfnt/ttcmap.c
43e195 
+++ b/src/sfnt/ttcmap.c
43e195 
@@ -823,9 +823,6 @@
43e195 
     FT_Error  error = SFNT_Err_Ok;
43e195
43e195
43e195 
-    if ( length < 16 )
43e195 
-      FT_INVALID_TOO_SHORT;
43e195 
-
43e195 
     /* in certain fonts, the `length' field is invalid and goes */
43e195 
     /* out of bound.  We try to correct this here...            */
43e195 
     if ( table + length > valid->limit )
43e195 
@@ -836,6 +833,9 @@
43e195 
       length = (FT_UInt)( valid->limit - table );
43e195 
     }
43e195
43e195 
+    if ( length < 16 )
43e195 
+      FT_INVALID_TOO_SHORT;
43e195 
+
43e195 
     p        = table + 6;
43e195 
     num_segs = TT_NEXT_USHORT( p );   /* read segCountX2 */
43e195
43e195 
--
43e195 
cgit v0.9.0.2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation