1 files changed, 52 insertions, 0 deletions

diff --git a/freetype-2.5.0-CVE-2014-2241.patch b/freetype-2.5.0-CVE-2014-2241.patch
new file mode 100644
index 000000000000..3e6cd60c9bbc
--- /dev/null
+++ b/freetype-2.5.0-CVE-2014-2241.patch
@@ -0,0 +1,52 @@
+From 135c3faebb96f8f550bd4f318716f2e1e095a969 Mon Sep 17 00:00:00 2001
+From: Dave Arnold <darnold@adobe.com>
+Date: Fri, 28 Feb 2014 06:42:42 +0000
+Subject: Fix Savannah bug #41697, part 2.
+
+* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
+cf2_initGlobalRegionBuffer): It is possible for a charstring to call
+a subroutine if no subroutines exist.  This is an error but should
+not trigger an assert.  Split the assert to account for this.
+---
+diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
+index df5f8fb..82bac75 100644
+--- a/src/cff/cf2ft.c
++++ b/src/cff/cf2ft.c
+@@ -521,7 +521,7 @@
+                               CF2_UInt      idx,
+                               CF2_Buffer    buf )
+   {
+-    FT_ASSERT( decoder && decoder->globals );
++    FT_ASSERT( decoder );
+ 
+     FT_ZERO( buf );
+ 
+@@ -529,6 +529,8 @@
+     if ( idx >= decoder->num_globals )
+       return TRUE;     /* error */
+ 
++    FT_ASSERT( decoder->globals );
++
+     buf->start =
+     buf->ptr   = decoder->globals[idx];
+     buf->end   = decoder->globals[idx + 1];
+@@ -594,7 +596,7 @@
+                              CF2_UInt      idx,
+                              CF2_Buffer    buf )
+   {
+-    FT_ASSERT( decoder && decoder->locals );
++    FT_ASSERT( decoder );
+ 
+     FT_ZERO( buf );
+ 
+@@ -602,6 +604,8 @@
+     if ( idx >= decoder->num_locals )
+       return TRUE;     /* error */
+ 
++    FT_ASSERT( decoder->locals );
++
+     buf->start =
+     buf->ptr   = decoder->locals[idx];
+     buf->end   = decoder->locals[idx + 1];
+--
+cgit v0.9.0.2