author | snj <snj> | 2006-06-06 07:51:29 +0000 |
---|---|---|
committer | snj <snj> | 2006-06-06 07:51:29 +0000 |
commit | d364d6c27bac764a5f51cb21266fd6ad3be73af7 (patch) | |
tree | b2c4e242b98b5223d598d84a8cc4137976b80fe0 /graphics/freetype2/patches/patch-ac | |
parent | 4f22d4aa10caf3b3d4d6f1c4be2e7749ba118841 (diff) | |
Pullup ticket 1686 - requested by salo
security fix for freetype2
Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747,
CVE-2006-1861, and CVE-2006-2661.
Diffstat (limited to 'graphics/freetype2/patches/patch-ac')
-rw-r--r-- | graphics/freetype2/patches/patch-ac | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/graphics/freetype2/patches/patch-ac b/graphics/freetype2/patches/patch-ac
new file mode 100644
index 00000000000..95db80bb2a1
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ac
@@ -0,0 +1,28 @@
+$NetBSD: patch-ac,v 1.1.2.1 2006/06/06 07:51:29 snj Exp $
+
+--- src/base/ftmac.c.orig 2004-08-28 10:02:46.000000000 +0200
++++ src/base/ftmac.c 2006-06-05 23:17:29.000000000 +0200
+@@ -430,6 +430,7 @@
+ short res_id;
+ unsigned char *buffer, *p, *size_p = NULL;
+ FT_ULong total_size = 0;
++ FT_ULong old_total_size = 0;
+ FT_ULong post_size, pfb_chunk_size;
+ Handle post_data;
+ char code, last_code;
+@@ -462,6 +463,15 @@
+ last_code = code;
+ }
+
++ /* detect integer overflows */
++ if ( total_size < old_total_size )
++ {
++ error = FT_Err_Array_Too_Large;
++ goto Error;
++ }
++
++ old_total_size = total_size;
++
+ if ( FT_ALLOC( buffer, (FT_Long)total_size ) )
+ goto Error;
+ |
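Review bot: The overflow test added in the embedded ftmac.c hunk at `@@ -462,6 +463,15 @@` sits after the closing brace that follows `last_code = code;`, so when it runs `old_total_size` still holds its initial 0 and `total_size < old_total_size` on two `FT_ULong` values can never be true. If that brace closes the loop that accumulates `total_size` (the loop starts outside the hunk and indentation is lost on this page, so confirm against the source), a wrapped sum still reaches `FT_ALLOC( buffer, (FT_Long)total_size )` unchecked. Move the test and the `old_total_size = total_size;` update inside the loop, directly after `last_code = code;`, so each addition is compared against the previous sum. Separately, the `(FT_Long)` cast makes any total above the signed maximum negative, so an explicit upper bound before the allocation would be worth adding.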