freetype-freeworld/F-15/freetype-2.4.4-CVE-2012-1140.patch

--- a/src/psaux/psconv.c
+++ b/src/psaux/psconv.c
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Some convenience conversions (body).                                 */
 /*                                                                         */
-/*  Copyright 2006, 2008, 2009 by                                          */
+/*  Copyright 2006, 2008, 2009, 2012 by                                    */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -79,7 +79,7 @@
     FT_Bool   sign = 0;
 
 
-    if ( p == limit || base < 2 || base > 36 )
+    if ( p >= limit || base < 2 || base > 36 )
       return 0;
 
     if ( *p == '-' || *p == '+' )
@@ -150,7 +150,7 @@
     FT_Bool   sign = 0;
 
 
-    if ( p == limit )
+    if ( p >= limit )
       return 0;
 
     if ( *p == '-' || *p == '+' )
@@ -346,7 +346,11 @@
 
 #if 1
 
-    p  = *cursor;
+    p = *cursor;
+
+    if ( p >= limit )
+      return 0;
+
     if ( n > (FT_UInt)( limit - p ) )
       n = (FT_UInt)( limit - p );
 
@@ -434,6 +438,10 @@
 #if 1
 
     p = *cursor;
+
+    if ( p >= limit )
+      return 0;
+
     if ( n > (FT_UInt)(limit - p) )
       n = (FT_UInt)(limit - p);
 
Revision:	1.1
Committed:	Wed Apr 4 15:43:38 2012 UTC (13 months, 2 weeks ago) by kkofler
Branch:	MAIN
CVS Tags:	freetype-freeworld-2_4_4-7_fc15, HEAD
Log Message:	* Wed Apr 04 2012 Kevin Kofler <Kevin@tigcc.ticalc.org> 2.4.4-7 - Add security patches from Fedora freetype-2.4.4-8 (rh#806270)
Line	File contents
1	--- a/src/psaux/psconv.c
2	+++ b/src/psaux/psconv.c
3	@@ -4,7 +4,7 @@
4	/* */
5	/* Some convenience conversions (body). */
6	/* */
7	-/* Copyright 2006, 2008, 2009 by */
8	+/* Copyright 2006, 2008, 2009, 2012 by */
9	/* David Turner, Robert Wilhelm, and Werner Lemberg. */
10	/* */
11	/* This file is part of the FreeType project, and may only be used, */
12	@@ -79,7 +79,7 @@
13	FT_Bool sign = 0;
14
15
16	- if ( p == limit \|\| base < 2 \|\| base > 36 )
17	+ if ( p >= limit \|\| base < 2 \|\| base > 36 )
18	return 0;
19
20	if ( p == '-' \|\| p == '+' )
21	@@ -150,7 +150,7 @@
22	FT_Bool sign = 0;
23
24
25	- if ( p == limit )
26	+ if ( p >= limit )
27	return 0;
28
29	if ( p == '-' \|\| p == '+' )
30	@@ -346,7 +346,11 @@
31
32	#if 1
33
34	- p = *cursor;
35	+ p = *cursor;
36	+
37	+ if ( p >= limit )
38	+ return 0;
39	+
40	if ( n > (FT_UInt)( limit - p ) )
41	n = (FT_UInt)( limit - p );
42
43	@@ -434,6 +438,10 @@
44	#if 1
45
46	p = *cursor;
47	+
48	+ if ( p >= limit )
49	+ return 0;
50	+
51	if ( n > (FT_UInt)(limit - p) )
52	n = (FT_UInt)(limit - p);
53