diff options
Diffstat (limited to 'meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch')
-rw-r--r-- | meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch b/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch deleted file mode 100644 index 0b5b3c625f..0000000000 --- a/meta/recipes-graphics/freetype/freetype/fix-potential-numeric-overflow.patch +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | freetype-2.9: Fix potential numeric overflow | ||
2 | |||
3 | [No upstream tracking] -- https://savannah.nongnu.org/bugs/index.php?54023 | ||
4 | |||
5 | ttcmap: (tt_cmap2_validate): Fix potential numeric overflow | ||
6 | |||
7 | The dead loop appears in the function tt_cmap2_char_next() | ||
8 | in "src\sfnt\ttcmap.c" in version 2.9 when "charcode == 256". | ||
9 | According to the notes, is seems that "subheader" should | ||
10 | not be NULL when "charcode == 256". | ||
11 | |||
12 | Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/sfnt/ttcmap.c?id=5bd76524ef786d942b28dc52618aeda3aebfa3d6] | ||
13 | bug: 54023 | ||
14 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
15 | |||
16 | diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c | ||
17 | index 5afa6ae..8fb9542 100644 | ||
18 | --- a/src/sfnt/ttcmap.c | ||
19 | +++ b/src/sfnt/ttcmap.c | ||
20 | @@ -358,7 +358,7 @@ | ||
21 | /* check range within 0..255 */ | ||
22 | if ( valid->level >= FT_VALIDATE_PARANOID ) | ||
23 | { | ||
24 | - if ( first_code >= 256 || first_code + code_count > 256 ) | ||
25 | + if ( first_code >= 256 || code_count > 256 - first_code ) | ||
26 | FT_INVALID_DATA; | ||
27 | } | ||
28 | |||