Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 86120 Details for
Bug 124828
media-libs/freetype: integer overflows (CVE-2006-{0747|1861|2493|2661})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
issue_3.patch
issue_3.patch (text/plain), 908 bytes, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2006-05-03 23:20:02 UTC
(
hide
)
Description:
issue_3.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2006-05-03 23:20:02 UTC
Size:
908 bytes
patch
obsolete
>diff --git a/ChangeLog b/ChangeLog >index 480a6a6..1f11d56 100644 >--- a/ChangeLog >+++ b/ChangeLog >@@ -9,6 +9,9 @@ > Check range of `glyph_index'. > * src/cff/cffgload.h: Updated. > >+ * src/sfnt/ttcmap.c (tt_face_build_cmaps): Handle invalid offset >+ correctly. >+ > 2006-03-21 David Turner <david@freetype.org> > > * src/autofit/aflatin.c (af_latin_metrics_scale): Fix small bug >diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c >index 4c1a340..d8f2ae3 100644 >--- a/src/sfnt/ttcmap.c >+++ b/src/sfnt/ttcmap.c >@@ -2271,7 +2271,7 @@ > charmap.encoding = FT_ENCODING_NONE; /* will be filled later */ > offset = TT_NEXT_ULONG( p ); > >- if ( offset && table + offset + 2 <= limit ) >+ if ( offset && offset <= face->cmap_size - 2 ) > { > FT_Byte* cmap = table + offset; > volatile FT_UInt format = TT_PEEK_USHORT( cmap );
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 124828
:
86118
|
86119
|
86120
|
86121
|
86122
|
86123
|
86201
|
89111
|
89112
|
89113
|
89114
|
89115