Package: libfreetype6 Version: 2.1.7-2.5 Severity: grave My xserver crashes with a FPE after upgrading freetype.
Cause: The very last security-releated path in freetype_2.1.7-2.5 has this patch: --- freetype-2.1.7.orig/src/raster/ftrend1.c 2003-06-18 08:59:56.000000000 +0200 +++ freetype-2.1.7/src/raster/ftrend1.c 2006-05-28 15:50:05.000000000 +0200 @@ -21,6 +21,7 @@ #include FT_OUTLINE_H #include "ftrend1.h" #include "ftraster.h" +#include <limits.h> #include "rasterrs.h" @@ -175,6 +176,9 @@ bitmap->rows = height; bitmap->pitch = pitch; + if ((FT_ULong)pitch > LONG_MAX/height) + goto Exit; + if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) ) goto Exit; This patch needs to become sth like: --- freetype-2.1.7.orig/src/raster/ftrend1.c 2003-06-18 08:59:56.000000000 +0200 +++ freetype-2.1.7/src/raster/ftrend1.c 2006-05-28 15:50:05.000000000 +0200 @@ -21,6 +21,7 @@ #include FT_OUTLINE_H #include "ftrend1.h" #include "ftraster.h" +#include <limits.h> #include "rasterrs.h" @@ -175,6 +176,9 @@ bitmap->rows = height; bitmap->pitch = pitch; + if (height != 0 && (FT_ULong)pitch > LONG_MAX/height) + goto Exit; + if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) ) goto Exit; Regards, Wolfram. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]