1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
new file mode 100644
index 0000000000..f600309d3e
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
@@ -0,0 +1,41 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+Reported as
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
+CVE: CVE-2023-2004
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 7f2db0c..8968111 100644
+--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include <ft2build.h>
+ #include <freetype/internal/ftdebug.h>
+ #include FT_CONFIG_CONFIG_H
+#include <freetype/internal/ftcalc.h>
+ #include <freetype/internal/ftstream.h>
+ #include <freetype/internal/sfnt.h>
+ #include <freetype/tttags.h>
+@@ -1147,7 +1148,7 @@
+                 delta == 1 ? "" : "s",
+                 vertical ? "VVAR" : "HVAR" ));
+ 
+-    *avalue += delta;
+    *avalue = ADD_INT( *avalue, delta );
+ 
+   Exit:
+     return error;
+-- 
+2.25.1

diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch new file mode 100644 index 0000000000..f600309d3e --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
@@ -0,0 +1,41 @@
	1	From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
	2	From: Werner Lemberg <wl@gnu.org>
	3	Date: Mon, 14 Nov 2022 19:18:19 +0100
	4	Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
	5	overflow.
	6
	7	Reported as
	8
	9	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
	10
	11	Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
	12	CVE: CVE-2023-2004
	13	Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
	14	---
	15	src/truetype/ttgxvar.c \| 3 ++-
	16	1 file changed, 2 insertions(+), 1 deletion(-)
	17
	18	diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
	19	index 7f2db0c..8968111 100644
	20	--- a/src/truetype/ttgxvar.c
	21	+++ b/src/truetype/ttgxvar.c
	22	@@ -42,6 +42,7 @@
	23	#include <ft2build.h>
	24	#include <freetype/internal/ftdebug.h>
	25	#include FT_CONFIG_CONFIG_H
	26	+#include <freetype/internal/ftcalc.h>
	27	#include <freetype/internal/ftstream.h>
	28	#include <freetype/internal/sfnt.h>
	29	#include <freetype/tttags.h>
	30	@@ -1147,7 +1148,7 @@
	31	delta == 1 ? "" : "s",
	32	vertical ? "VVAR" : "HVAR" ));
	33
	34	- *avalue += delta;
	35	+ avalue = ADD_INT( avalue, delta );
	36
	37	Exit:
	38	return error;
	39	--
	40	2.25.1
	41