rpms / harfbuzz

Clone
Source Code
GIT

Blame SOURCES/CVE-2022-33068-sbix-Limit-glyph-extents.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   158197327b608b95ffa16e4964d3852137fa6fe0
  2.   SOURCES
  3.   CVE-2022-33068-sbix-Limit-glyph-extents.patch
Blob History Raw
158197 
From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
158197 
From: Behdad Esfahbod <behdad@behdad.org>
158197 
Date: Wed, 1 Jun 2022 07:38:21 -0600
158197 
Subject: [PATCH 001/363] [sbix] Limit glyph extents
158197
158197 
Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
158197 
---
158197 
 src/hb-ot-color-sbix-table.hh       |   6 ++++++
158197 
 1 file changed, 6 insertions(+)
158197
158197 
diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
158197 
index 9741ebd45..6efae43cd 100644
158197 
--- a/src/hb-ot-color-sbix-table.hh
158197 
+++ b/src/hb-ot-color-sbix-table.hh
158197 
@@ -298,6 +298,12 @@ struct sbix
158197
158197 
       const PNGHeader &png = *blob->as<PNGHeader>();
158197
158197 
+      if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
158197 
+      {
158197 
+	hb_blob_destroy (blob);
158197 
+	return false;
158197 
+      }
158197 
+
158197 
       extents->x_bearing = x_offset;
158197 
       extents->y_bearing = png.IHDR.height + y_offset;
158197 
       extents->width     = png.IHDR.width;
158197 
--
158197 
2.36.1
158197

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation