main/freetype: security fix (CVE-2018-6942)
Fixes #8987
rnalrd committed Jun 13, 2018
1 parent 599da1e commit 7a7493c
Showing 2 changed files with 43 additions and 1 deletion.
6 changes: 5 additions & 1 deletion main/freetype/APKBUILD
Expand Up @@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <[email protected]>
pkgname=freetype
pkgver=2.9
pkgrel=0
pkgrel=1
pkgdesc="TrueType font rendering library"
url="https://www.freetype.org/"
arch="all"
Expand All @@ -17,11 +17,14 @@ source="http://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.
0001-Enable-table-validation-modules.patch
0003-Enable-infinality-subpixel-hinting.patch
0004-Enable-long-PCF-family-names.patch
CVE-2018-6942.patch
freetype-profile.sh
"

# secfixes:
# 2.9-r1:
# - CVE-2018-6942
# 2.7.1-r1:
# - CVE-2017-8105
# - CVE-2017-8287
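Review bot: the source= line shown in this hunk's header still fetches the release tarball from http://download.savannah.gnu.org/ over plain HTTP, so the integrity of the download rests entirely on the sha512sums block. Since this commit is a security update, consider switching that URL to https in the same change if the mirror serves it. The new secfixes entry itself is consistent: 2.9-r1 matches pkgver=2.9 and the pkgrel bump to 1 in the first hunk.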
Expand Down Expand Up @@ -56,4 +59,5 @@ sha512sums="28465f3453baf9a187529432118389de8f1b85273c9fb787d2c8f0feee8ab64b387d
41a84be2631b53072a76b78c582575aa48b650ee7b00017d018381002bc25df10cf33da4954c95ef50db39f1fa566678e3b4ae9bfee1dfd705423fb53e53e494 0001-Enable-table-validation-modules.patch
7b52a3d67750d59b2c98e83dab4e0a0ab263142c2ca7bd5f8be5f8fe9cd1dc1f4debad44111c7886665329d8d2a3163756455618a6615df8f85d82bb0372d4dd 0003-Enable-infinality-subpixel-hinting.patch
64c20fbcbf48372ea35fe2e0dae8fec4be8c601c899a4a71913060c6ea4082a2f41d69701da511e09fee126bf198d560986469e2356bd088d2dd5961f437df63 0004-Enable-long-PCF-family-names.patch
26978105a1f69917778712ed24170a6d17c0ca2bfda8c179238a8f2534b197d0c65c648605a5433870c8d27e8211abf5ae9120d1fe9663148554f2e038603e75 CVE-2018-6942.patch
829dff39fc98e341cf88433758d9288fe9f824c1a1644ac7777ed274133df0fd0ee65606b7dab69acdb12ebf516d89da063df8850114e0c4e16a28bcc5de215d freetype-profile.sh"
38 changes: 38 additions & 0 deletions main/freetype/CVE-2018-6942.patch
@@ -0,0 +1,38 @@
From 29c759284e305ec428703c9a5831d0b1fc3497ef Mon Sep 17 00:00:00 2001
From: Werner Lemberg <[email protected]>
Date: Sat, 27 Jan 2018 14:43:43 +0100
Subject: * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.

Reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
---
src/truetype/ttinterp.c | 12 ++++++++++--
2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index d855aaa..551f14a 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -7532,8 +7532,16 @@
return;
}

- for ( i = 0; i < num_axes; i++ )
- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
+ if ( coords )
+ {
+ for ( i = 0; i < num_axes; i++ )
+ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
+ }
+ else
+ {
+ for ( i = 0; i < num_axes; i++ )
+ args[i] = 0;
+ }
}


--
cgit v1.0-41-gc330
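Review bot: the diffstat in the carried patch header does not match its body. It reads "2 files changed, 18 insertions(+), 2 deletions(-)", but the only diff present is for src/truetype/ttinterp.c, with 10 added and 2 removed lines, so a second file's changes (8 insertions) appear to have been trimmed when the upstream commit was imported. Please either regenerate the header or add a line saying the patch was trimmed from upstream commit 29c759284e305ec428703c9a5831d0b1fc3497ef, so that a later audit can match this backport against upstream without guessing. In the code itself, the new else branch zero-fills args[] for all num_axes entries when coords is NULL; a one-line comment there saying what a NULL coords means for the font would help the next person reading the interpreter.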
