diff options
Diffstat (limited to 'freetype-2.4.11-CVE-2014-9663.patch')
-rw-r--r-- | freetype-2.4.11-CVE-2014-9663.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/freetype-2.4.11-CVE-2014-9663.patch b/freetype-2.4.11-CVE-2014-9663.patch new file mode 100644 index 000000000000..9e2496a4a59c --- /dev/null +++ b/freetype-2.4.11-CVE-2014-9663.patch @@ -0,0 +1,34 @@ +From 9bd20b7304aae61de5d50ac359cf27132bafd4c1 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Sat, 22 Nov 2014 05:24:45 +0000 +Subject: [sfnt] Fix Savannah bug #43656. + +* src/sfnt/ttcmap.c (tt_cmap4_validate): Fix order of validity +tests. +--- +diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c +index 712bd4f..fb863c3 100644 +--- a/src/sfnt/ttcmap.c ++++ b/src/sfnt/ttcmap.c +@@ -823,9 +823,6 @@ + FT_Error error = SFNT_Err_Ok; + + +- if ( length < 16 ) +- FT_INVALID_TOO_SHORT; +- + /* in certain fonts, the `length' field is invalid and goes */ + /* out of bound. We try to correct this here... */ + if ( table + length > valid->limit ) +@@ -836,6 +833,9 @@ + length = (FT_UInt)( valid->limit - table ); + } + ++ if ( length < 16 ) ++ FT_INVALID_TOO_SHORT; ++ + p = table + 6; + num_segs = TT_NEXT_USHORT( p ); /* read segCountX2 */ + +-- +cgit v0.9.0.2 |