freetype: fix pcf fonts by upstream patches

The problem was uncovered by the last security patches. Firefox seems to build and work fine. Includes reverting 374a9cc16271, as this is a proper fix.
author: Vladimír Čunát <vcunat@gmail.com> 2014-12-17 22:07:36 +0100
committer: Vladimír Čunát <vcunat@gmail.com> 2014-12-17 22:12:41 +0100
commit: 3938dc3c2156ebd874f2f014039a2397db343431 (patch)
tree: 2df5f2db96264f2e6ee99332727a98d8df967d5b /pkgs/development/libraries
parent: 319b981f2230b8944cb49e1c16cfe1614e64df60 (diff)
download: nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar
nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.gz
nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.bz2
nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.lz
nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.xz
nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.zst
nixlib-3938dc3c2156ebd874f2f014039a2397db343431.zip
3 files changed, 134 insertions, 1 deletions
diff --git a/pkgs/development/libraries/fontconfig/default.nix b/pkgs/development/libraries/fontconfig/default.nix
index 7ae6ec8ac926..b03528de2d5d 100644
--- a/pkgs/development/libraries/fontconfig/default.nix
+++ b/pkgs/development/libraries/fontconfig/default.nix
@@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  doCheck = false;
+  doCheck = true;
 
   # Don't try to write to /var/cache/fontconfig at install time.
   installFlags = "fc_cachedir=$(TMPDIR)/dummy RUN_FC_CACHE_TEST=false";
diff --git a/pkgs/development/libraries/freetype/default.nix b/pkgs/development/libraries/freetype/default.nix
index d02eedbdc480..e9e393075b3e 100644
--- a/pkgs/development/libraries/freetype/default.nix
+++ b/pkgs/development/libraries/freetype/default.nix
@@ -24,6 +24,7 @@ stdenv.mkDerivation rec {
   };
 
   patches = [ ./enable-validation.patch ] # from Gentoo, bohoomil has the same patch as well
+    ++ [ ./fix-pcf.patch ]
     ++ optionals useEncumberedCode [
       (fetch_bohoomil "02-ftsmooth-2.5.4.patch" "11w4wb7gwgpijc788mpkxj92d7rfdwrdv7jzrpxwv5w5cgpx9iw9")
       (fetch_bohoomil "03-upstream-2014.12.07.patch" "0gq7y63mg3gc5z69nfkv2kl7xad0bjzsvnl6j1j9q79jjbvaqdq0")
diff --git a/pkgs/development/libraries/freetype/fix-pcf.patch b/pkgs/development/libraries/freetype/fix-pcf.patch
new file mode 100644
index 000000000000..bb301bcd9caa
--- /dev/null
+++ b/pkgs/development/libraries/freetype/fix-pcf.patch
@@ -0,0 +1,132 @@
+Upstream fixes for pcf fonts.
+
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=74af85c4b62b35e55b0ce9dec55ee10cbc4962a2
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=06842c7b49c21f13c0ab61201daab6ff5a358fcc
+
+diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
+index 998cbed..e3caf82 100644
+--- a/src/pcf/pcfread.c
++++ b/src/pcf/pcfread.c
+@@ -2,7 +2,7 @@
+ 
+     FreeType font driver for pcf fonts
+ 
+-  Copyright 2000-2010, 2012, 2013 by
++  Copyright 2000-2010, 2012-2014 by
+   Francesco Zappa Nardelli
+ 
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+@@ -78,7 +78,7 @@ THE SOFTWARE.
+     FT_FRAME_START( 16  ),
+       FT_FRAME_ULONG_LE( type ),
+       FT_FRAME_ULONG_LE( format ),
+-      FT_FRAME_ULONG_LE( size ),
++      FT_FRAME_ULONG_LE( size ),   /* rounded up to a multiple of 4 */
+       FT_FRAME_ULONG_LE( offset ),
+     FT_FRAME_END
+   };
+@@ -95,9 +95,11 @@ THE SOFTWARE.
+     FT_Memory  memory = FT_FACE( face )->memory;
+     FT_UInt    n;
+ 
++    FT_ULong   size;
+ 
+-    if ( FT_STREAM_SEEK ( 0 )                          ||
+-         FT_STREAM_READ_FIELDS ( pcf_toc_header, toc ) )
++
++    if ( FT_STREAM_SEEK( 0 )                          ||
++         FT_STREAM_READ_FIELDS( pcf_toc_header, toc ) )
+       return FT_THROW( Cannot_Open_Resource );
+ 
+     if ( toc->version != PCF_FILE_VERSION                 ||
+@@ -154,14 +156,35 @@ THE SOFTWARE.
+         break;
+     }
+ 
+-    /* we now check whether the `size' and `offset' values are reasonable: */
+-    /* `offset' + `size' must not exceed the stream size                   */
++    /*
++     *  We now check whether the `size' and `offset' values are reasonable:
++     *  `offset' + `size' must not exceed the stream size.
++     *
++     *  Note, however, that X11's `pcfWriteFont' routine (used by the
++     *  `bdftopcf' program to create PDF font files) has two special
++     *  features.
++     *
++     *  - It always assigns the accelerator table a size of 100 bytes in the
++     *    TOC, regardless of its real size, which can vary between 34 and 72
++     *    bytes.
++     *
++     *  - Due to the way the routine is designed, it ships out the last font
++     *    table with its real size, ignoring the TOC's size value.  Since
++     *    the TOC size values are always rounded up to a multiple of 4, the
++     *    difference can be up to three bytes for all tables except the
++     *    accelerator table, for which the difference can be as large as 66
++     *    bytes.
++     *
++     */
++
+     tables = face->toc.tables;
+-    for ( n = 0; n < toc->count; n++ )
++    size   = stream->size;
++
++    for ( n = 0; n < toc->count - 1; n++ )
+     {
+       /* we need two checks to avoid overflow */
+-      if ( ( tables->size   > stream->size                ) ||
+-           ( tables->offset > stream->size - tables->size ) )
++      if ( ( tables->size   > size                ) ||
++           ( tables->offset > size - tables->size ) )
+       {
+         error = FT_THROW( Invalid_Table );
+         goto Exit;
+@@ -169,6 +192,15 @@ THE SOFTWARE.
+       tables++;
+     }
+ 
++    /* no check of `tables->size' for last table element ... */
++    if ( ( tables->offset > size ) )
++    {
++      error = FT_THROW( Invalid_Table );
++      goto Exit;
++    }
++    /* ... instead, we adjust `tables->size' to the real value */
++    tables->size = size - tables->offset;
++
+ #ifdef FT_DEBUG_LEVEL_TRACE
+ 
+     {
+@@ -733,8 +765,8 @@ THE SOFTWARE.
+ 
+     FT_TRACE4(( "  number of bitmaps: %d\n", nbitmaps ));
+ 
+-    /* XXX: PCF_Face->nmetrics is singed FT_Long, see pcf.h */
+-    if ( face->nmetrics < 0 || nbitmaps != ( FT_ULong )face->nmetrics )
++    /* XXX: PCF_Face->nmetrics is signed FT_Long, see pcf.h */
++    if ( face->nmetrics < 0 || nbitmaps != (FT_ULong)face->nmetrics )
+       return FT_THROW( Invalid_File_Format );
+ 
+     if ( FT_NEW_ARRAY( offsets, nbitmaps ) )
+diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
+index e3caf82..a29a9e3 100644
+--- a/src/pcf/pcfread.c
++++ b/src/pcf/pcfread.c
+@@ -192,14 +192,15 @@ THE SOFTWARE.
+       tables++;
+     }
+ 
+-    /* no check of `tables->size' for last table element ... */
++    /* only check `tables->offset' for last table element ... */
+     if ( ( tables->offset > size ) )
+     {
+       error = FT_THROW( Invalid_Table );
+       goto Exit;
+     }
+-    /* ... instead, we adjust `tables->size' to the real value */
+-    tables->size = size - tables->offset;
++    /* ... and adjust `tables->size' to the real value if necessary */
++    if ( tables->size > size - tables->offset )
++      tables->size = size - tables->offset;
+ 
+ #ifdef FT_DEBUG_LEVEL_TRACE
+
author	Vladimír Čunát <vcunat@gmail.com>	2014-12-17 22:07:36 +0100
committer	Vladimír Čunát <vcunat@gmail.com>	2014-12-17 22:12:41 +0100
commit	3938dc3c2156ebd874f2f014039a2397db343431 (patch)
tree	2df5f2db96264f2e6ee99332727a98d8df967d5b /pkgs/development/libraries
parent	319b981f2230b8944cb49e1c16cfe1614e64df60 (diff)
download	nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.gz nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.bz2 nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.lz nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.xz nixlib-3938dc3c2156ebd874f2f014039a2397db343431.tar.zst nixlib-3938dc3c2156ebd874f2f014039a2397db343431.zip