/[packages]/updates/5/fontforge/current/SOURCES/0004-parsettf.c-Fix-buffer-overrun-condition.patch
ViewVC logotype

Contents of /updates/5/fontforge/current/SOURCES/0004-parsettf.c-Fix-buffer-overrun-condition.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186904 - (show annotations) (download)
Fri Dec 29 01:10:44 2017 UTC (17 months, 3 weeks ago) by luigiwalser
File size: 613 byte(s)
add patches from debian to fix CVE-2017-1156[89] and CVE-2017-1157[124567]
1 From 62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3 Mon Sep 17 00:00:00 2001
2 From: Jeremy Tan <jtanx@outlook.com>
3 Date: Sun, 30 Jul 2017 10:27:17 +0800
4 Subject: [PATCH 4/6] parsettf.c: Fix buffer overrun condition
5
6 Closes #3090
7 ---
8 fontforge/parsettf.c | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11 --- a/fontforge/parsettf.c
12 +++ b/fontforge/parsettf.c
13 @@ -3504,7 +3504,7 @@
14 for ( i = 1; i<len; ) {
15 first = dict->charset[i++] = getushort(ttf);
16 cnt = getc(ttf);
17 - for ( j=0; j<cnt; ++j )
18 + for ( j=0; j<cnt && i<len; ++j )
19 dict->charset[i++] = ++first;
20 }
21 } else if ( format==2 ) {

  ViewVC Help
Powered by ViewVC 1.1.26