Diffstat (limited to 'pkgs/development/libraries/freetype/cve-2017-8105.patch')
-rw-r--r--pkgs/development/libraries/freetype/cve-2017-8105.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/pkgs/development/libraries/freetype/cve-2017-8105.patch b/pkgs/development/libraries/freetype/cve-2017-8105.patch
new file mode 100644
index 000000000000..dc4327a52a88
--- /dev/null
+++ b/pkgs/development/libraries/freetype/cve-2017-8105.patch
@@ -0,0 +1,27 @@
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee43
+
+diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
+index af7b465..7dd4513 100644
+--- a/src/psaux/t1decode.c
++++ b/src/psaux/t1decode.c
+@@ -780,10 +780,19 @@
+             /* point without adding any point to the outline    */
+             idx = decoder->num_flex_vectors++;
+             if ( idx > 0 && idx < 7 )
++            {
++              /* in malformed fonts it is possible to have other */
++              /* opcodes in the middle of a flex (which don't    */
++              /* increase `num_flex_vectors'); we thus have to   */
++              /* check whether we can add a point                */
++              if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
++                goto Syntax_Error;
++
+               t1_builder_add_point( builder,
+                                     x,
+                                     y,
+                                     (FT_Byte)( idx == 3 || idx == 6 ) );
++            }
+           }
+           break;
+ 
+
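Review bot: The patch header on the first added line records provenance only as a plain-http URL with an abbreviated commit id (`f958c48ee43`), and apart from the file name nothing in the file says which issue it closes. Quoting the full 40-character upstream commit id plus a one-line description, e.g. `Fix CVE-2017-8105: check point capacity before adding a flex point (src/psaux/t1decode.c)`, would let a later reader verify the backport against upstream without depending on the link. The embedded hunk jumps to `Syntax_Error`, a label outside the visible context, so it cannot be confirmed from here whether the error stored by `FT_SET_ERROR` is kept or replaced on that path. The diffstat is limited to this one file, so check separately that the freetype derivation's `patches` list references it; an unreferenced patch file leaves the built library unfixed.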