
Contents of /updates/5/fontforge/current/SOURCES/0001-Fix-out-of-bounds-read-in-getsid.patch



Revision 1186904 - (show annotations) (download)
Fri Dec 29 01:10:44 2017 UTC (17 months, 3 weeks ago) by luigiwalser
File size: 1807 byte(s)
add patches from debian to fix CVE-2017-1156[89] and CVE-2017-1157[124567]
1 From 3245d354865def9d712bdffe61fa211ad6aa4081 Mon Sep 17 00:00:00 2001
2 From: Jeremy Tan <jtanx@outlook.com>
3 Date: Sun, 30 Jul 2017 09:17:40 +0800
4 Subject: [PATCH 1/6] Fix out of bounds read in getsid
5
6 Closes #3088
7 ---
8 fontforge/parsettf.c | 14 ++++++++++----
9 1 file changed, 10 insertions(+), 4 deletions(-)
10
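--- a/fontforge/parsettf.c
+++ b/fontforge/parsettf.c
@@ -3310,8 +3310,14 @@
 }
 
 static const char *getsid(int sid,char **strings,int scnt,struct ttfinfo *info) {
- if ( sid==-1 )
+ if ( sid==-1 ) // Default value, indicating it's not present
 return( NULL );
+ else if (sid < 0) {
+ LogError(_("Bad sid %d (0 <= sid < %d)\n"), sid, scnt+nStdStrings);
+ if (info != NULL)
+ info->bad_cff = true;
+ return NULL;
+ }
 else if ( sid<nStdStrings )
 return( cffnames[sid] );
 else if ( sid-nStdStrings>scnt ) {
@@ -6019,17 +6025,17 @@
 for ( english=sf->names; english!=NULL && english->lang!=0x409; english=english->next );
 if ( english==NULL )
 return;
- if ( english->names[ttf_family]!=NULL &&
+ if ( english->names[ttf_family]!=NULL && sf->familyname!=NULL &&
 strcmp(english->names[ttf_family],sf->familyname)==0 ) {
 free(english->names[ttf_family]);
 english->names[ttf_family]=NULL;
 }
- if ( english->names[ttf_copyright]!=NULL &&
+ if ( english->names[ttf_copyright]!=NULL && sf->copyright!=NULL &&
 strcmp(english->names[ttf_copyright],sf->copyright)==0 ) {
 free(english->names[ttf_copyright]);
 english->names[ttf_copyright]=NULL;
 }
- if ( english->names[ttf_fullname]!=NULL &&
+ if ( english->names[ttf_fullname]!=NULL && sf->fullname!=NULL &&
 strcmp(english->names[ttf_fullname],sf->fullname)==0 ) {
 free(english->names[ttf_fullname]);
 english->names[ttf_fullname]=NULL;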
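Review bot: In the getsid hunk, the new negative-sid branch logs the valid range as `0 <= sid < scnt+nStdStrings`, but the unchanged upper-bound test on the last context line is `sid-nStdStrings>scnt`, which still accepts `sid-nStdStrings == scnt`. If `strings` holds exactly `scnt` entries, that index is one past the end, so the out-of-bounds read this patch closes on the low side would remain on the high side. The rest of getsid and the allocation of `strings` are outside the hunk, so this may be safe only because the array has an extra terminating slot. Either tighten the test to `else if ( sid-nStdStrings>=scnt ) {`, or document the invariant next to it with something like `/* strings[] has scnt+1 slots; index scnt is the NULL terminator */` so the logged range and the check agree.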
