Module Name: xsrc Committed By: martin Date: Thu Oct 22 11:31:16 UTC 2020
Modified Files: xsrc/external/mit/freetype/dist/src/sfnt [netbsd-8]: pngshim.c Log Message: Apply patch, requested by maya and mrg in ticket #1618: xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c (apply patch) Fix for CVE-2020-15999. To generate a diff of this commit: cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c diff -u xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c:1.1.1.4 xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c:1.1.1.4.2.1 --- xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c:1.1.1.4 Sun May 15 22:35:30 2016 +++ xsrc/external/mit/freetype/dist/src/sfnt/pngshim.c Thu Oct 22 11:31:16 2020 @@ -260,6 +260,12 @@ { FT_ULong size; + /* reject too large bitmaps similarly to the rasterizer */ + if ( map->rows > 0x7FFF || map->width > 0x7FFF ) + { + error = FT_THROW( Array_Too_Large ); + goto DestroyExit; + } metrics->width = (FT_UShort)imgWidth; metrics->height = (FT_UShort)imgHeight; @@ -270,13 +276,6 @@ map->pitch = (int)( map->width * 4 ); map->num_grays = 256; - /* reject too large bitmaps similarly to the rasterizer */ - if ( map->rows > 0x7FFF || map->width > 0x7FFF ) - { - error = FT_THROW( Array_Too_Large ); - goto DestroyExit; - } - /* this doesn't overflow: 0x7FFF * 0x7FFF * 4 < 2^32 */ size = map->rows * (FT_ULong)map->pitch;