diff options
Diffstat (limited to 'pkgs/development/libraries/freetype/cve-2017-8105.patch')
-rw-r--r-- | pkgs/development/libraries/freetype/cve-2017-8105.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/pkgs/development/libraries/freetype/cve-2017-8105.patch b/pkgs/development/libraries/freetype/cve-2017-8105.patch new file mode 100644 index 000000000000..dc4327a52a88 --- /dev/null +++ b/pkgs/development/libraries/freetype/cve-2017-8105.patch @@ -0,0 +1,27 @@ +http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee43 + +diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c +index af7b465..7dd4513 100644 +--- a/src/psaux/t1decode.c ++++ b/src/psaux/t1decode.c +@@ -780,10 +780,19 @@ + /* point without adding any point to the outline */ + idx = decoder->num_flex_vectors++; + if ( idx > 0 && idx < 7 ) ++ { ++ /* in malformed fonts it is possible to have other */ ++ /* opcodes in the middle of a flex (which don't */ ++ /* increase `num_flex_vectors'); we thus have to */ ++ /* check whether we can add a point */ ++ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) ++ goto Syntax_Error; ++ + t1_builder_add_point( builder, + x, + y, + (FT_Byte)( idx == 3 || idx == 6 ) ); ++ } + } + break; + + |