mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2547 Commits
15 Branches
Tree: 1ff04d1b8a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1ff04d1b8a'
${ noResults }
tigervnc/contrib/packages/rpm/el5/SOURCES/freetype-2.3.11-CVE-2011-02...

freetype-2.3.11-CVE-2011-0226.patch 4.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 
  1. --- freetype-2.3.11/src/psaux/t1decode.c	2009-09-29 19:51:31.000000000 +0200

  2. +++ freetype-2.3.11/src/psaux/t1decode.c	2011-07-20 14:39:24.000000000 +0200

  3. @@ -4,7 +4,7 @@

  4.  /*                                                                         */

  5.  /*    PostScript Type 1 decoding routines (body).                          */

  6.  /*                                                                         */

  7. -/*  Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */

  8. +/*  Copyright 2000-2011 by                                                 */

  9.  /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */

  10.  /*                                                                         */

  11.  /*  This file is part of the FreeType project, and may only be used,       */

  12. @@ -27,6 +27,8 @@

  13.  

  14.  #include "psauxerr.h"

  15.  

  16. +/* ensure proper sign extension */

  17. +#define Fix2Int( f )  ( (FT_Int)(FT_Short)( (f) >> 16 ) )

  18.  

  19.    /*************************************************************************/

  20.    /*                                                                       */

  21. @@ -665,7 +667,7 @@

  22.          if ( large_int )

  23.            FT_TRACE4(( " %ld", value ));

  24.          else

  25. -          FT_TRACE4(( " %ld", (FT_Int32)( value >> 16 ) ));

  26. +          FT_TRACE4(( " %ld", Fix2Int( value ) ));

  27.  #endif

  28.  

  29.          *top++       = value;

  30. @@ -687,8 +689,8 @@

  31.  

  32.          top -= 2;

  33.  

  34. -        subr_no = (FT_Int)( top[1] >> 16 );

  35. -        arg_cnt = (FT_Int)( top[0] >> 16 );

  36. +        subr_no = Fix2Int( top[1] );

  37. +        arg_cnt = Fix2Int( top[0] );

  38.  

  39.          /***********************************************************/

  40.          /*                                                         */

  41. @@ -861,7 +863,7 @@

  42.              if ( arg_cnt != 1 || blend == NULL )

  43.                goto Unexpected_OtherSubr;

  44.  

  45. -            idx = (FT_Int)( top[0] >> 16 );

  46. +            idx = Fix2Int( top[0] );

  47.  

  48.              if ( idx < 0                                           ||

  49.                   idx + blend->num_designs > decoder->len_buildchar )

  50. @@ -929,7 +931,7 @@

  51.              if ( arg_cnt != 2 || blend == NULL )

  52.                goto Unexpected_OtherSubr;

  53.  

  54. -            idx = (FT_Int)( top[1] >> 16 );

  55. +            idx = Fix2Int( top[1] );

  56.  

  57.              if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )

  58.                goto Unexpected_OtherSubr;

  59. @@ -950,7 +952,7 @@

  60.              if ( arg_cnt != 1 || blend == NULL )

  61.                goto Unexpected_OtherSubr;

  62.  

  63. -            idx = (FT_Int)( top[0] >> 16 );

  64. +            idx = Fix2Int( top[0] );

  65.  

  66.              if ( idx < 0 || (FT_UInt) idx >= decoder->len_buildchar )

  67.                goto Unexpected_OtherSubr;

  68. @@ -1008,11 +1010,15 @@

  69.            break;

  70.  

  71.          default:

  72. -          FT_ERROR(( "t1_decoder_parse_charstrings:"

  73. -                     " unknown othersubr [%d %d], wish me luck\n",

  74. -                     arg_cnt, subr_no ));

  75. -          unknown_othersubr_result_cnt = arg_cnt;

  76. -          break;

  77. +          if ( arg_cnt >= 0 && subr_no >= 0 )

  78. +          {

  79. +            FT_ERROR(( "t1_decoder_parse_charstrings:"

  80. +                       " unknown othersubr [%d %d], wish me luck\n",

  81. +                       arg_cnt, subr_no ));

  82. +            unknown_othersubr_result_cnt = arg_cnt;

  83. +            break;

  84. +          }

  85. +          /* fall through */

  86.  

  87.          Unexpected_OtherSubr:

  88.            FT_ERROR(( "t1_decoder_parse_charstrings:"

  89. @@ -1138,8 +1144,8 @@

  90.                                    top[0],

  91.                                    top[1],

  92.                                    top[2],

  93. -                                  (FT_Int)( top[3] >> 16 ),

  94. -                                  (FT_Int)( top[4] >> 16 ) );

  95. +                                  Fix2Int( top[3] ),

  96. +                                  Fix2Int( top[4] ) );

  97.  

  98.          case op_sbw:

  99.            FT_TRACE4(( " sbw" ));

  100. @@ -1313,7 +1319,7 @@

  101.  

  102.              FT_TRACE4(( " callsubr" ));

  103.  

  104. -            idx = (FT_Int)( top[0] >> 16 );

  105. +            idx = Fix2Int( top[0] );

  106.              if ( idx < 0 || idx >= (FT_Int)decoder->num_subrs )

  107.              {

  108.                FT_ERROR(( "t1_decoder_parse_charstrings:"