Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2
ft2demos
bnc647375_CVE-2010-3814.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bnc647375_CVE-2010-3814.diff of Package ft2demos
commit 0edf0986f3be570f5bf90ff245a85c1675f5c9a4 Author: Werner Lemberg <wl@gnu.org> Date: Wed Oct 6 11:52:27 2010 +0200 [truetype] Improve error handling of `SHZ' bytecode instruction. Problem reported by Chris Evans <scarybeasts@gmail.com>. * src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'. Index: freetype-2.3.9/src/truetype/ttinterp.c =================================================================== --- freetype-2.3.9.orig/src/truetype/ttinterp.c +++ freetype-2.3.9/src/truetype/ttinterp.c @@ -5494,7 +5494,16 @@ if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 ) last_point = (FT_UShort)( CUR.zp2.n_points - 1 ); else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 ) + { last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] ); + + if ( BOUNDS( last_point, CUR.zp2.n_points ) ) + { + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Invalid_Reference; + return; + } + } else last_point = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor