diff options
Diffstat (limited to 'meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch')
-rw-r--r-- | meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch new file mode 100644 index 0000000000..e4a991e984 --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5669.patch @@ -0,0 +1,31 @@ +From 07bdb6e289c7954e2a533039dc93c1c136099d2d Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Sat, 15 Dec 2012 01:02:23 +0000 +Subject: [bdf] Fix Savannah bug #37906. + +* src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for +checking `glyph_enc'. + +Upstream-Status: Pending + +Signed-off-by: Eren Turkay <eren@hambedded.org> +Signed-off-by: Scott Garman <scott.a.garman@intel.com> +--- +diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c +index 8d7f9a0..f9c06ca 100644 +--- a/src/bdf/bdflib.c ++++ b/src/bdf/bdflib.c +@@ -1628,8 +1628,9 @@ + + /* Check that the encoding is in the Unicode range because */ + /* otherwise p->have (a bitmap with static size) overflows. */ +- if ( p->glyph_enc > 0 && +- (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 ) ++ if ( p->glyph_enc > 0 && ++ (size_t)p->glyph_enc >= sizeof ( p->have ) / ++ sizeof ( unsigned long ) * 32 ) + { + FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" )); + error = BDF_Err_Invalid_File_Format; +-- +cgit v0.9.0.2 |