summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/freetype-CVE-2017-8287.patch
blob: d1145a87eeebac5138faf7f8ee95ad80d5603873 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Fix CVE-2017-8287:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941

Patch copied from upstream source repository:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0

From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sun, 26 Mar 2017 08:32:09 +0200
Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
 guard.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
---
 ChangeLog          | 8 ++++++++
 src/psaux/psobjs.c | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
index d18e821a..0baf8368 100644
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -1718,6 +1718,14 @@
     first = outline->n_contours <= 1
             ? 0 : outline->contours[outline->n_contours - 2] + 1;
 
+    /* in malformed fonts it can happen that a contour was started */
+    /* but no points were added                                    */
+    if ( outline->n_contours && first == outline->n_points )
+    {
+      outline->n_contours--;
+      return;
+    }
+
     /* We must not include the last point in the path if it */
     /* is located on the first point.                       */
     if ( outline->n_points > 1 )
-- 
2.12.2