authorAndrej Valek <andrej.valek@siemens.com>2018-07-26 15:24:27 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-07-30 12:44:34 +0100
commit17054a283cdce7759da070d2d8c91ac8de7a4d78 (patch)
tree5c98c641855ee823fbda5c13646962536cbd4cc0
parentad02cb7f8265a0d8b4988a3f1f68bafd9507ae63 (diff)
downloadpoky-17054a283cdce7759da070d2d8c91ac8de7a4d78.tar.gz
freetype: fix potential numeric overflow
bug: 54023 (From OE-Core rev: 4082ac63cfe38d2e7bc953ff3446ab1db95443be) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch28
-rw-r--r--meta/recipes-graphics/freetype/freetype_2.9.bb4
2 files changed, 31 insertions, 1 deletions
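diff --git a/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch b/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch
new file mode 100644
index 0000000000..0b5b3c625f
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch
@@ -0,0 +1,28 @@
+freetype-2.9: Fix potential numeric overflow
+
+[No upstream tracking] -- https://savannah.nongnu.org/bugs/index.php?54023
+
+ttcmap: (tt_cmap2_validate): Fix potential numeric overflow
+
+The dead loop appears in the function tt_cmap2_char_next()
+in "src\sfnt\ttcmap.c" in version 2.9 when "charcode == 256".
+According to the notes, is seems that "subheader" should
+not be NULL when "charcode == 256".
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/sfnt/ttcmap.c?id=5bd76524ef786d942b28dc52618aeda3aebfa3d6]
+bug: 54023
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
+index 5afa6ae..8fb9542 100644
+--- a/src/sfnt/ttcmap.c
++++ b/src/sfnt/ttcmap.c
+@@ -358,7 +358,7 @@
+ /* check range within 0..255 */
+ if ( valid->level >= FT_VALIDATE_PARANOID )
+ {
+- if ( first_code >= 256 || first_code + code_count > 256 )
++ if ( first_code >= 256 || code_count > 256 - first_code )
+ FT_INVALID_DATA;
+ }
+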
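Review bot: The patch header describes an endless loop in tt_cmap2_char_next() at "charcode == 256", but the only hunk it carries rewrites the range check at ttcmap.c line 358, which the header's own title attributes to tt_cmap2_validate; if the referenced upstream commit also changes tt_cmap2_char_next(), this backport is partial and the hang may still be reachable, so it should be compared against that commit. The rewritten test `code_count > 256 - first_code` sits under `if ( valid->level >= FT_VALIDATE_PARANOID )`, so as far as the hunk shows it runs only at paranoid validation level and would not by itself reject such a table at lower levels. The header also carries both `[No upstream tracking]` and `Upstream-Status: Backport [...]`; I would drop the former and fix the typo, e.g. `According to the notes, it seems that "subheader" should`. The enclosing function starts and ends outside the hunk.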
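diff --git a/meta/recipes-graphics/freetype/freetype_2.9.bb b/meta/recipes-graphics/freetype/freetype_2.9.bb
index da05916b36..216ecf31d1 100644
--- a/meta/recipes-graphics/freetype/freetype_2.9.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.9.bb
@@ -13,7 +13,9 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE.TXT;md5=4af6221506f202774ef74f64932878a1
  file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/freetype/freetype-${PV}.tar.bz2 \
- file://use-right-libtool.patch"
+ file://use-right-libtool.patch \
+ file://fix-potential-numeric-overflow.patch \
+ "
 
 UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/freetype/files/freetype2/"
 UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"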