diff options
| author | Andrej Valek <andrej.valek@siemens.com> | 2018-07-26 15:24:27 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-07-30 12:44:28 +0100 |
| commit | 4082ac63cfe38d2e7bc953ff3446ab1db95443be (patch) | |
| tree | 4bb482044635b5899d9368d456da5283c484cc24 | |
| parent | 784f993f52c8e591d96efadfec486a736b6f1ff5 (diff) | |
| download | openembedded-core-4082ac63cfe38d2e7bc953ff3446ab1db95443be.tar.gz openembedded-core-4082ac63cfe38d2e7bc953ff3446ab1db95443be.tar.bz2 openembedded-core-4082ac63cfe38d2e7bc953ff3446ab1db95443be.zip | |
freetype: fix potential numeric overflow
bug: 54023
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
| -rw-r--r-- | meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch | 28 | ||||
| -rw-r--r-- | meta/recipes-graphics/freetype/freetype_2.9.bb | 4 |
2 files changed, 31 insertions, 1 deletions
diff --git a/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch b/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch new file mode 100644 index 0000000000..0b5b3c625f --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch @@ -0,0 +1,28 @@ +freetype-2.9: Fix potential numeric overflow + +[No upstream tracking] -- https://savannah.nongnu.org/bugs/index.php?54023 + +ttcmap: (tt_cmap2_validate): Fix potential numeric overflow + +The dead loop appears in the function tt_cmap2_char_next() +in "src\sfnt\ttcmap.c" in version 2.9 when "charcode == 256". +According to the notes, is seems that "subheader" should +not be NULL when "charcode == 256". + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/sfnt/ttcmap.c?id=5bd76524ef786d942b28dc52618aeda3aebfa3d6] +bug: 54023 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c +index 5afa6ae..8fb9542 100644 +--- a/src/sfnt/ttcmap.c ++++ b/src/sfnt/ttcmap.c +@@ -358,7 +358,7 @@ + /* check range within 0..255 */ + if ( valid->level >= FT_VALIDATE_PARANOID ) + { +- if ( first_code >= 256 || first_code + code_count > 256 ) ++ if ( first_code >= 256 || code_count > 256 - first_code ) + FT_INVALID_DATA; + } + diff --git a/meta/recipes-graphics/freetype/freetype_2.9.bb b/meta/recipes-graphics/freetype/freetype_2.9.bb index da05916b36..216ecf31d1 100644 --- a/meta/recipes-graphics/freetype/freetype_2.9.bb +++ b/meta/recipes-graphics/freetype/freetype_2.9.bb @@ -13,7 +13,9 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE.TXT;md5=4af6221506f202774ef74f64932878a1 file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec" SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \ - file://use-right-libtool.patch" + file://use-right-libtool.patch \ + file://fix-potential-numeric-overflow.patch \ + " UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/freetype/files/freetype2/" UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)" |