mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2547 Commits
15 Branches
Tree: 1ff04d1b8a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1ff04d1b8a'
${ noResults }
tigervnc/contrib/packages/rpm/el5/SOURCES/freetype-2.3.11-CVE-2010-28...

freetype-2.3.11-CVE-2010-2808.patch 802B
Raw Blame History

123456789101112131415161718192021 
  1. --- freetype-2.3.11/src/base/ftobjs.c	2010-09-30 13:58:50.000000000 +0200

  2. +++ freetype-2.3.11/src/base/ftobjs.c	2010-09-30 13:59:31.000000000 +0200

  3. @@ -1529,6 +1529,7 @@

  4.        FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",

  5.                     i, offsets[i], rlen, flags ));

  6.  

  7. +      /* postpone the check of rlen longer than buffer until FT_Stream_Read() */

  8.        if ( ( flags >> 8 ) == 0 )        /* Comment, should not be loaded */

  9.          continue;

  10.  

  11. @@ -1568,6 +1569,10 @@

  12.          pfb_data[pfb_pos++] = 0;

  13.        }

  14.  

  15. +      error = FT_Err_Cannot_Open_Resource;

  16. +      if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )

  17. +        goto Exit2;

  18. +

  19.        error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );

  20.        if ( error )

  21.          goto Exit2;