Attachment 89112 Details for Bug 124828 – CVE-2006-0747_nullpointer-deref.diff

[patch] CVE-2006-0747_nullpointer-deref.diff

CVE-2006-0747_nullpointer-deref.diff (text/plain), 1.14 KB, created by Donnie Berkholz (RETIRED) on 2006-06-13 21:08:10 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Donnie Berkholz (RETIRED)

Created: 2006-06-13 21:08:10 UTC

Size: 1.14 KB

patch

obsolete

>diff -u -p -Nr --exclude CVS freetype-2.1.7.orig/src/base/ftutil.c freetype-2.1.7/src/base/ftutil.c
>--- freetype-2.1.7.orig/src/base/ftutil.c	2002-07-28 07:05:22.000000000 +0200
>+++ freetype-2.1.7/src/base/ftutil.c	2006-05-28 11:32:44.000000000 +0200
>@@ -51,6 +51,8 @@
>             FT_Long    size,
>             void*     *P )
>   {
>+    FT_Error  error = FT_Err_Ok;
>+
>     FT_ASSERT( P != 0 );
> 
>     if ( size > 0 )
>@@ -67,13 +69,17 @@
>       FT_MEM_ZERO( *P, size );
>     }
>     else
>+    {
>       *P = NULL;
>+      if ( size < 0 )
>+	error = FT_Err_Invalid_Argument;
>+    }
> 
>     FT_TRACE7(( "FT_Alloc:" ));
>     FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
>                 size, *P, P ));
> 
>-    return FT_Err_Ok;
>+    return error;
>   }
> 
> 
>@@ -95,12 +101,15 @@
>       return FT_Alloc( memory, size, P );
> 
>     /* if the new block if zero-sized, clear the current one */
>-    if ( size <= 0 )
>+    if ( size == 0 )
>     {
>       FT_Free( memory, P );
>       return FT_Err_Ok;
>     }
> 
>+    if ( size < 0 || current < 0 )
>+      return FT_Err_Invalid_Argument;
>+
>     Q = memory->realloc( memory, current, size, *P );
>     if ( !Q )
>       goto Fail;

Actions: View | Diff

Attachments on bug 124828: 86118 | 86119 | 86120 | 86121 | 86122 | 86123 | 86201 | 89111 | 89112 | 89113 | 89114 | 89115