freetype-freeworld/F-15/freetype-2.4.4-CVE-2012-1140.patch

--- a/src/psaux/psconv.c
+++ b/src/psaux/psconv.c
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Some convenience conversions (body).                                 */
 /*                                                                         */
-/*  Copyright 2006, 2008, 2009 by                                          */
+/*  Copyright 2006, 2008, 2009, 2012 by                                    */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -79,7 +79,7 @@
     FT_Bool   sign = 0;
 
 
-    if ( p == limit || base < 2 || base > 36 )
+    if ( p >= limit || base < 2 || base > 36 )
       return 0;
 
     if ( *p == '-' || *p == '+' )
@@ -150,7 +150,7 @@
     FT_Bool   sign = 0;
 
 
-    if ( p == limit )
+    if ( p >= limit )
       return 0;
 
     if ( *p == '-' || *p == '+' )
@@ -346,7 +346,11 @@
 
 #if 1
 
-    p  = *cursor;
+    p = *cursor;
+
+    if ( p >= limit )
+      return 0;
+
     if ( n > (FT_UInt)( limit - p ) )
       n = (FT_UInt)( limit - p );
 
@@ -434,6 +438,10 @@
 #if 1
 
     p = *cursor;
+
+    if ( p >= limit )
+      return 0;
+
     if ( n > (FT_UInt)(limit - p) )
       n = (FT_UInt)(limit - p);
 
Revision:	1.1
Committed:	Wed Apr 4 15:43:38 2012 UTC (14 months, 2 weeks ago) by kkofler
Branch:	MAIN
CVS Tags:	freetype-freeworld-2_4_4-7_fc15, HEAD
Log Message:	* Wed Apr 04 2012 Kevin Kofler <Kevin@tigcc.ticalc.org> 2.4.4-7 - Add security patches from Fedora freetype-2.4.4-8 (rh#806270)
Line	User	Rev	File contents
1	kkofler	1.1	--- a/src/psaux/psconv.c
2			+++ b/src/psaux/psconv.c
3			@@ -4,7 +4,7 @@
4			/* */
5			/* Some convenience conversions (body). */
6			/* */
7			-/* Copyright 2006, 2008, 2009 by */
8			+/* Copyright 2006, 2008, 2009, 2012 by */
9			/* David Turner, Robert Wilhelm, and Werner Lemberg. */
10			/* */
11			/* This file is part of the FreeType project, and may only be used, */
12			@@ -79,7 +79,7 @@
13			FT_Bool sign = 0;
14
15
16			- if ( p == limit \|\| base < 2 \|\| base > 36 )
17			+ if ( p >= limit \|\| base < 2 \|\| base > 36 )
18			return 0;
19
20			if ( p == '-' \|\| p == '+' )
21			@@ -150,7 +150,7 @@
22			FT_Bool sign = 0;
23
24
25			- if ( p == limit )
26			+ if ( p >= limit )
27			return 0;
28
29			if ( p == '-' \|\| p == '+' )
30			@@ -346,7 +346,11 @@
31
32			#if 1
33
34			- p = *cursor;
35			+ p = *cursor;
36			+
37			+ if ( p >= limit )
38			+ return 0;
39			+
40			if ( n > (FT_UInt)( limit - p ) )
41			n = (FT_UInt)( limit - p );
42
43			@@ -434,6 +438,10 @@
44			#if 1
45
46			p = *cursor;
47			+
48			+ if ( p >= limit )
49			+ return 0;
50			+
51			if ( n > (FT_UInt)(limit - p) )
52			n = (FT_UInt)(limit - p);
53