← Back to branch summary

~ubuntu-branches/ubuntu/precise/freetype/precise-security

« back to all changes in this revision

Viewing changes to debian/patches-freetype/CVE-2014-96xx/CVE-2014-9664-1.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-02-24 10:35:56 UTC
  • Revision ID: package-import@ubuntu.com-20150224103556-1gtuu5oa9cjuzioh
Tags: 2.4.8-1ubuntu2.2
* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches-freetype/CVE-2014-96xx/CVE-2014-9664-1.patch
 
1
Backport of:
 
2
 
 
3
From dd89710f0f643eb0f99a3830e0712d26c7642acd Mon Sep 17 00:00:00 2001
 
4
From: Werner Lemberg <wl@gnu.org>
 
5
Date: Fri, 21 Nov 2014 21:19:28 +0000
 
6
Subject: [type1, type42] Fix Savannah bug #43655.
 
7
 
 
8
* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c
 
9
(t42_parse_charstrings): Fix boundary testing.
 
10
---
 
11
Index: freetype-2.4.8/src/type1/t1load.c
 
12
===================================================================
 
13
--- freetype-2.4.8.orig/src/type1/t1load.c      2015-02-24 10:04:02.782532741 -0500
 
14
+++ freetype-2.4.8/src/type1/t1load.c   2015-02-24 10:04:02.778532710 -0500
 
15
@@ -1586,7 +1586,7 @@
 
16
         FT_PtrDist  len;
 
17
 
 
18
 
 
19
-        if ( cur + 1 >= limit )
 
20
+        if ( cur + 2 >= limit )
 
21
         {
 
22
           error = T1_Err_Invalid_File_Format;
 
23
           goto Fail;
 
24
Index: freetype-2.4.8/src/type42/t42parse.c
 
25
===================================================================
 
26
--- freetype-2.4.8.orig/src/type42/t42parse.c   2015-02-24 10:04:02.782532741 -0500
 
27
+++ freetype-2.4.8/src/type42/t42parse.c        2015-02-24 10:04:02.778532710 -0500
 
28
@@ -832,7 +832,7 @@
 
29
         FT_PtrDist  len;
 
30
 
 
31
 
 
32
-        if ( cur + 1 >= limit )
 
33
+        if ( cur + 2 >= limit )
 
34
         {
 
35
           FT_ERROR(( "t42_parse_charstrings: out of bounds\n" ));
 
36
           error = T42_Err_Invalid_File_Format;