author | snj <snj> | 2006-06-06 07:51:29 +0000 |
---|---|---|
committer | snj <snj> | 2006-06-06 07:51:29 +0000 |
commit | d364d6c27bac764a5f51cb21266fd6ad3be73af7 (patch) | |
tree | b2c4e242b98b5223d598d84a8cc4137976b80fe0 /graphics/freetype2/patches/patch-ad | |
parent | 4f22d4aa10caf3b3d4d6f1c4be2e7749ba118841 (diff) | |
Pullup ticket 1686 - requested by salo
security fix for freetype2
Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747,
CVE-2006-1861, and CVE-2006-2661.
Diffstat (limited to 'graphics/freetype2/patches/patch-ad')
-rw-r--r-- | graphics/freetype2/patches/patch-ad | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/graphics/freetype2/patches/patch-ad b/graphics/freetype2/patches/patch-ad
new file mode 100644
index 00000000000..1aa48b83494
--- /dev/null
+++ b/graphics/freetype2/patches/patch-ad
@@ -0,0 +1,48 @@
+$NetBSD: patch-ad,v 1.1.2.1 2006/06/06 07:51:29 snj Exp $
+
+--- src/base/ftutil.c.orig 2005-03-03 23:59:06.000000000 +0100
++++ src/base/ftutil.c 2006-06-05 23:18:40.000000000 +0200
+@@ -52,6 +52,8 @@
+ FT_Long size,
+ void* *P )
+ {
++ FT_Error error = FT_Err_Ok;
++
+ FT_ASSERT( P != 0 );
+
+ if ( size > 0 )
+@@ -67,6 +69,11 @@
+ }
+ FT_MEM_ZERO( *P, size );
+ }
++ else if (size < 0)
++ {
++ /* may help catch/prevent nasty security issues */
++ error = FT_Err_Invalid_Argument;
++ }
+ else
+ *P = NULL;
+
+@@ -74,7 +81,7 @@
+ FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
+ size, *P, P ));
+
+- return FT_Err_Ok;
++ return error;
+ }
+
+
+@@ -127,8 +134,12 @@
+ if ( !*P )
+ return FT_Alloc( memory, size, P );
+
++ if (size < 0 || current < 0)
++ {
++ return FT_Err_Invalid_Argument;
++ }
++ else if ( size == 0 )
+ /* if the new block if zero-sized, clear the current one */
+- if ( size <= 0 )
+ {
+ FT_Free( memory, P );
+ return FT_Err_Ok; |
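Review bot: In the patched FT_Alloc, the new `else if (size < 0)` branch sets `error = FT_Err_Invalid_Argument;` but leaves `*P` untouched, whereas the zero-size branch stores NULL and the FT_TRACE7 call that follows still reads `*P`. A caller that ignores the return value would keep using whatever pointer value was there before, so the branch should also do `*P = NULL;` next to the error assignment. The sign test only rejects sizes that have already wrapped negative; a length computation that overflows to a small positive value would still pass here, so callers presumably still need their own overflow checks before calling. Both FT_Alloc and FT_Realloc start or continue outside the visible inner hunks, so this is based only on the lines shown.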