Package: libfreetype6
Version: 2.1.7-2.5
Severity: grave
My xserver crashes with an FPE after upgrading freetype.
Cause:
The very last security-related patch in freetype_2.1.7-2.5
has this patch:
--- freetype-2.1.7.orig/src/raster/ftrend1.c 2003-06-18 08:59:56.000000000
+0200
+++ freetype-2.1.7/src/raster/ftrend1.c 2006-05-28 15:50:05.000000000 +0200
@@ -21,6 +21,7 @@
#include FT_OUTLINE_H
#include "ftrend1.h"
#include "ftraster.h"
+#include <limits.h>
#include "rasterrs.h"
@@ -175,6 +176,9 @@
bitmap->rows = height;
bitmap->pitch = pitch;
+ if ((FT_ULong)pitch > LONG_MAX/height)
+ goto Exit;
+
if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) )
goto Exit;
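Review bot: the added test "(FT_ULong)pitch > LONG_MAX/height" divides by height with no guard for height == 0, so a bitmap with zero rows traps on the division (SIGFPE) before FT_ALLOC is ever reached. Guard the division, for example "if (height != 0 && (FT_ULong)pitch > LONG_MAX/height)", or skip the bound check entirely when height is 0, since a zero-sized product cannot overflow.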
This patch needs to become sth like:
--- freetype-2.1.7.orig/src/raster/ftrend1.c 2003-06-18 08:59:56.000000000
+0200
+++ freetype-2.1.7/src/raster/ftrend1.c 2006-05-28 15:50:05.000000000 +0200
@@ -21,6 +21,7 @@
#include FT_OUTLINE_H
#include "ftrend1.h"
#include "ftraster.h"
+#include <limits.h>
#include "rasterrs.h"
@@ -175,6 +176,9 @@
bitmap->rows = height;
bitmap->pitch = pitch;
+ if (height != 0 && (FT_ULong)pitch > LONG_MAX/height)
+ goto Exit;
+
if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) )
goto Exit;
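Review bot: the new "goto Exit" after the overflow test assigns no error value in the lines shown, so if the error variable is still zero at this point the function can return success with bitmap->buffer unallocated. Set an explicit error before the jump. The check also sits after bitmap->rows and bitmap->pitch have been written, so on the early exit those fields describe a buffer that does not exist; moving the test above the two assignments avoids that. The type of height is not visible in this hunk: if it is signed, "height != 0" still admits negative values, for which LONG_MAX/height is negative and the comparison against an FT_ULong no longer means what it says, so a "height > 0" guard or an unsigned limit such as ULONG_MAX would be safer.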
Regards,
Wolfram.