packages/freetype
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freetype/backport-Minimal-stop-gap-fix-for-CVE-2025-27363.patch
zhangpan 245bafa9cd update CVE-2025-27363 patch
2025-04-14 07:23:45 +00:00

45 lines
1.5 KiB
Diff
Raw Blame History

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Date: Fri, 14 Mar 2025 08:55:06 -0400
Subject: [PATCH] Minimal stop-gap fix for CVE-2025-27363
Origin: https://www.openwall.com/lists/oss-security/2025/03/14/3
Bug: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-27363
Reference:https://salsa.debian.org/debian/freetype/-/merge_requests/4
Conflict:NA
---
src/truetype/ttgload.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 2ca63d65a3a3..7ce6d2a6fb29 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1948,7 +1948,7 @@
short i, limit;
FT_SubGlyph subglyph;
- FT_Outline outline;
+ FT_Outline outline = { 0, 0, NULL, NULL, NULL, 0 };
FT_Vector* points = NULL;
char* tags = NULL;
short* contours = NULL;
@@ -1957,6 +1957,13 @@
limit = (short)gloader->current.num_subglyphs;
+ /* make sure this isn't negative as we're going to add 4 later */
+ if ( limit < 0 )
+ {
+ error = FT_THROW( Invalid_Argument );
+ goto Exit;
+ }
+
/* construct an outline structure for */
/* communication with `TT_Vary_Apply_Glyph_Deltas' */
outline.n_points = (short)( gloader->current.num_subglyphs + 4 );
--
2.47.2
Reference in New Issue View Git Blame Copy Permalink