freetype-freeworld/F-15/freetype-2.4.4-CVE-2012-1133.patch

--- freetype-2.4.4/src/bdf/bdflib.c     2012-03-28 15:24:32.000000000 +0200
+++ freetype-2.4.4/src/bdf/bdflib.c     2012-03-28 15:25:18.000000000 +0200
@@ -1587,6 +1587,11 @@
 
       p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );
 
+      /* Normalize negative encoding values.  The specification only */
+      /* allows -1, but we can be more generous here.                */
+      if ( p->glyph_enc < -1 )
+        p->glyph_enc = -1;
+
       /* Check that the encoding is in the range [0,65536] because        */
       /* otherwise p->have (a bitmap with static size) overflows.         */
       if ( (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
Revision:	1.1
Committed:	Wed Apr 4 15:43:38 2012 UTC (13 months, 2 weeks ago) by kkofler
Branch:	MAIN
CVS Tags:	freetype-freeworld-2_4_4-7_fc15, HEAD
Log Message:	* Wed Apr 04 2012 Kevin Kofler <Kevin@tigcc.ticalc.org> 2.4.4-7 - Add security patches from Fedora freetype-2.4.4-8 (rh#806270)
Line	File contents
1	--- freetype-2.4.4/src/bdf/bdflib.c 2012-03-28 15:24:32.000000000 +0200
2	+++ freetype-2.4.4/src/bdf/bdflib.c 2012-03-28 15:25:18.000000000 +0200
3	@@ -1587,6 +1587,11 @@
4
5	p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );
6
7	+ /* Normalize negative encoding values. The specification only */
8	+ /* allows -1, but we can be more generous here. */
9	+ if ( p->glyph_enc < -1 )
10	+ p->glyph_enc = -1;
11	+
12	/* Check that the encoding is in the range [0,65536] because */
13	/* otherwise p->have (a bitmap with static size) overflows. */
14	if ( (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )