Module Name: xsrc
Committed By: martin
Date: Thu Oct 22 11:31:16 UTC 2020
Modified Files:
xsrc/external/mit/freetype/dist/src/sfnt [netbsd-8]: pngshim.c
Log Message:
Apply patch, requested by maya and mrg in ticket #1618:
xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c (apply patch)
Fix for CVE-2020-15999.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c
diff -u xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c:1.1.1.4 xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c:1.1.1.4.2.1
--- xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c:1.1.1.4 Sun May 15 22:35:30 2016
+++ xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c Thu Oct 22 11:31:16 2020
@@ -260,6 +260,12 @@
{
FT_ULong size;
+ /* reject too large bitmaps similarly to the rasterizer */
+ if ( map->rows > 0x7FFF || map->width > 0x7FFF )
+ {
+ error = FT_THROW( Array_Too_Large );
+ goto DestroyExit;
+ }
metrics->width = (FT_UShort)imgWidth;
metrics->height = (FT_UShort)imgHeight;
@@ -270,13 +276,6 @@
map->pitch = (int)( map->width * 4 );
map->num_grays = 256;
- /* reject too large bitmaps similarly to the rasterizer */
- if ( map->rows > 0x7FFF || map->width > 0x7FFF )
- {
- error = FT_THROW( Array_Too_Large );
- goto DestroyExit;
- }
-
/* this doesn't overflow: 0x7FFF * 0x7FFF * 4 < 2^32 */
size = map->rows * (FT_ULong)map->pitch;
