diff options
Diffstat (limited to 'graphics/freetype2/patches/patch-ab')
| -rw-r--r-- | graphics/freetype2/patches/patch-ab | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/graphics/freetype2/patches/patch-ab b/graphics/freetype2/patches/patch-ab new file mode 100644 index 00000000000..03c80f71087 --- /dev/null +++ b/graphics/freetype2/patches/patch-ab @@ -0,0 +1,24 @@ +$NetBSD: patch-ab,v 1.15.2.2 2010/12/19 03:47:00 sbd Exp $ + +CVE-2010-3855 + +--- src/truetype/ttgxvar.c.orig 2010-07-12 19:03:49.000000000 +0000 ++++ src/truetype/ttgxvar.c +@@ -154,7 +154,7 @@ + runcnt = runcnt & GX_PT_POINT_RUN_COUNT_MASK; + first = points[i++] = FT_GET_USHORT(); + +- if ( runcnt < 1 ) ++ if ( runcnt < 1 || i + runcnt >= n ) + goto Exit; + + /* first point not included in runcount */ +@@ -165,7 +165,7 @@ + { + first = points[i++] = FT_GET_BYTE(); + +- if ( runcnt < 1 ) ++ if ( runcnt < 1 || i + runcnt >= n ) + goto Exit; + + for ( j = 0; j < runcnt; ++j ) |