svn commit: r409139 - in head/graphics/silgraphite: . files
Mark Felder
feld at FreeBSD.org
Thu Feb 18 23:15:29 UTC 2016
Author: feld
Date: Thu Feb 18 23:15:27 2016
New Revision: 409139
URL: https://svnweb.freebsd.org/changeset/ports/409139
Log:
graphics/silgraphite: Patch vulnerability
Submitted by: truckman
MFH: 2016Q1
Security: http://www.vuxml.org/freebsd/8f10fa04-cf6a-11e5-96d6-14dae9d210b8.html
Added:
head/graphics/silgraphite/files/patch-engine_src_font_TtfUtil.cpp (contents, props changed)
Modified:
head/graphics/silgraphite/Makefile
Modified: head/graphics/silgraphite/Makefile
==============================================================================
--- head/graphics/silgraphite/Makefile Thu Feb 18 23:08:33 2016 (r409138)
+++ head/graphics/silgraphite/Makefile Thu Feb 18 23:15:27 2016 (r409139)
@@ -3,7 +3,7 @@
PORTNAME= silgraphite
PORTVERSION= 2.3.1
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= graphics devel
MASTER_SITES= SF
Added: head/graphics/silgraphite/files/patch-engine_src_font_TtfUtil.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/graphics/silgraphite/files/patch-engine_src_font_TtfUtil.cpp Thu Feb 18 23:15:27 2016 (r409139)
@@ -0,0 +1,20 @@
+--- engine/src/font/TtfUtil.cpp.orig 2009-01-29 08:33:19 UTC
++++ engine/src/font/TtfUtil.cpp
+@@ -1106,7 +1106,7 @@ size_t LocaLookup(gr::gid16 nGlyphId,
+ // CheckTable verifies the index_to_loc_format is valid
+ if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::ShortIndexLocFormat)
+ { // loca entries are two bytes and have been divided by two
+- if (nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
++ if (lLocaSize >= 2 && nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
+ {
+ const uint16 * pTable = reinterpret_cast<const uint16 *>(pLoca);
+ return (read(pTable[nGlyphId]) << 1);
+@@ -1115,7 +1115,7 @@ size_t LocaLookup(gr::gid16 nGlyphId,
+
+ if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::LongIndexLocFormat)
+ { // loca entries are four bytes
+- if (nGlyphId <= (lLocaSize >> 2) - 1)
++ if (lLocaSize >= 4 && nGlyphId <= (lLocaSize >> 2) - 1)
+ {
+ const uint32 * pTable = reinterpret_cast<const uint32 *>(pLoca);
+ return read(pTable[nGlyphId]);
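Review bot: The added `lLocaSize >= 2` and `lLocaSize >= 4` guards stop the `- 1` from wrapping when the loca table is shorter than one entry, but the subtraction stays in both conditions. Writing the bounds as `if (nGlyphId < (lLocaSize >> 1))` and `if (nGlyphId < (lLocaSize >> 2))` accepts exactly the same indices, sentinel entry included, with nothing left to wrap. This assumes lLocaSize is an unsigned type, since its declaration is outside the hunk. Both checks also depend on lLocaSize matching the real length of the pLoca buffer, and the returned value is an offset read from the font file, so a comment such as `// offset is untrusted; caller must bound it against the glyf table length` above each return would record that obligation. LocaLookup's body starts and ends outside the hunk, so what happens when both checks fail is not visible here.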