cvs commit: ports/java/jdk14/files
patch-awt_fontmanager_fontObject.cpp
Greg Lewis
glewis at FreeBSD.org
Sat Oct 16 10:00:28 PDT 2004
glewis 2004-10-16 17:00:28 UTC
FreeBSD ports repository
Added files:
java/jdk14/files patch-awt_fontmanager_fontObject.cpp
Log:
. In the ReadChunk() function, change an assert() to be a "test for a
condition and return NULL". Take account of the NULL in the
appropriate place (which is somewhat worrisome in itself since
ReadChunk() has always had the possibility of returning NULL).
This makes loading a font file a little more resilient to specially
crafted font data which can be used, for example, by an applet to
crash the browser plugin by triggering the assert(). Such an applet
was mentioned on Bugtraq:
http://www.securityfocus.com/archive/1/367331/2004-06-26/2004-07-02/0
and can be found at
http://www.illegalaccess.org/cms/?q=node/view/9
This change stops the browser plugin from crashing.
. Fix some warnings regarding formats in debugging printf's.
Revision Changes Path
1.1 +53 -0 ports/java/jdk14/files/patch-awt_fontmanager_fontObject.cpp (new)
More information about the cvs-all
mailing list