diff options
Diffstat (limited to 'freetype-2.4.11-CVE-2014-9671.patch')
-rw-r--r-- | freetype-2.4.11-CVE-2014-9671.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/freetype-2.4.11-CVE-2014-9671.patch b/freetype-2.4.11-CVE-2014-9671.patch deleted file mode 100644 index a29115095cd7..000000000000 --- a/freetype-2.4.11-CVE-2014-9671.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0e2f5d518c60e2978f26400d110eff178fa7e3c3 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Thu, 06 Nov 2014 21:32:46 +0000 -Subject: Fix Savannah bug #43547. - -* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset' -values. ---- -diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c -index f63377b..8db31bd 100644 ---- a/src/pcf/pcfread.c -+++ b/src/pcf/pcfread.c -@@ -151,6 +151,21 @@ THE SOFTWARE. - break; - } - -+ /* we now check whether the `size' and `offset' values are reasonable: */ -+ /* `offset' + `size' must not exceed the stream size */ -+ tables = face->toc.tables; -+ for ( n = 0; n < toc->count; n++ ) -+ { -+ /* we need two checks to avoid overflow */ -+ if ( ( tables->size > stream->size ) || -+ ( tables->offset > stream->size - tables->size ) ) -+ { -+ error = PCF_Err_Invalid_Table; -+ goto Exit; -+ } -+ tables++; -+ } -+ - #ifdef FT_DEBUG_LEVEL_TRACE - - { --- -cgit v0.9.0.2 |