Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2
ft2demos
bnc647375_CVE-2010-3855.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bnc647375_CVE-2010-3855.diff of Package ft2demos
From 59eb9f8cfe7d1df379a2318316d1f04f80fba54a Mon Sep 17 00:00:00 2001 From: Werner Lemberg <wl@gnu.org> Date: Tue, 12 Oct 2010 07:49:17 +0200 Subject: [PATCH] Fix Savannah bug #31310. * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Protect against invalid `runcnt' values. --- ChangeLog | 7 +++++++ src/truetype/ttgxvar.c | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) --- freetype-2.3.9/src/truetype/ttgxvar.c.orig 2008-10-15 22:01:42.000000000 +0200 +++ freetype-2.3.9/src/truetype/ttgxvar.c 2011-02-28 18:04:38.536173000 +0100 @@ -158,6 +158,9 @@ runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK; first = points[i++] = FT_GET_USHORT(); + if ( runcnt < 1 || i + runcnt >= n ) + goto Exit; + /* first point not included in runcount */ for ( j = 0; j < runcnt; ++j ) points[i++] = (FT_UShort)( first += FT_GET_USHORT() ); @@ -166,11 +169,15 @@ { first = points[i++] = FT_GET_BYTE(); + if ( runcnt < 1 || i + runcnt >= n ) + goto Exit; + for ( j = 0; j < runcnt; ++j ) points[i++] = (FT_UShort)( first += FT_GET_BYTE() ); } } + Exit: return points; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor