diff options
Diffstat (limited to 'freetype-2.4.11-CVE-2014-9667.patch')
-rw-r--r-- | freetype-2.4.11-CVE-2014-9667.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/freetype-2.4.11-CVE-2014-9667.patch b/freetype-2.4.11-CVE-2014-9667.patch deleted file mode 100644 index 1e349405c408..000000000000 --- a/freetype-2.4.11-CVE-2014-9667.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Wed, 12 Nov 2014 20:26:44 +0000 -Subject: [sfnt] Fix Savannah bug #43590. - -* src/sfnt/ttload.c (check_table_dir, tt_face_load_font_dir): -Protect against addition overflow. ---- -diff --git a/src/sfnt/ttload.c b/src/sfnt/ttload.c -index 0a3cd29..8338150 100644 ---- a/src/sfnt/ttload.c -+++ b/src/sfnt/ttload.c -@@ -5,7 +5,7 @@ - /* Load the basic TrueType tables, i.e., tables that can be either in */ - /* TTF or OTF fonts (body). */ - /* */ --/* Copyright 1996-2010, 2012 by */ -+/* Copyright 1996-2010, 2012-2014 by */ - /* David Turner, Robert Wilhelm, and Werner Lemberg. */ - /* */ - /* This file is part of the FreeType project, and may only be used, */ -@@ -207,7 +207,10 @@ - } - - /* we ignore invalid tables */ -- if ( table.Offset + table.Length > stream->size ) -+ -+ /* table.Offset + table.Length > stream->size ? */ -+ if ( table.Length > stream->size || -+ table.Offset > stream->size - table.Length ) - { - FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn )); - continue; -@@ -398,7 +398,10 @@ - entry->Length = FT_GET_LONG(); - - /* ignore invalid tables */ -- if ( entry->Offset + entry->Length > stream->size ) -+ -+ /* entry->Offset + entry->Length > stream->size ? */ -+ if ( entry->Length > stream->size || -+ entry->Offset > stream->size - entry->Length ) - continue; - else - { --- -cgit v0.9.0.2 |