Notification time stamped 2022-11-29 16:50:59 UTC
From de73f56efcab4b2afab45cd0ce57d85b4cb6813d Mon Sep 17 00:00:00 2001
From: Benjamin A. Beasley code@musicinmybrain.net
Date: Nov 29 2022 16:49:35 +0000
Subject: Patch a possible double-free bug
---
diff --git a/possible-double-free.patch b/possible-double-free.patch new file mode 100644 index 0000000..09a5660 --- /dev/null +++ b/possible-double-free.patch @@ -0,0 +1,11 @@ +diff -Naur a/woff.c b/woff.c +--- a/woff.c 2009-09-25 09:54:13.000000000 -0400 ++++ b/woff.c 2022-11-29 10:09:15.091798523 -0500 +@@ -354,6 +354,7 @@ + newHeader->privLen = 0; + + free(tableOrder); ++ tableOrder = 0; + + if ((status & eWOFF_warn_checksum_mismatch) != 0) { + /* The original font had checksum errors, so we now decode our WOFF data diff --git a/woff.spec b/woff.spec index c99c7a7..afb8777 100644 --- a/woff.spec +++ b/woff.spec @@ -18,6 +18,11 @@ Source0: %{original_url}/woff-code-latest.zip Source1: sfnt2woff.1 Source2: woff2sfnt.1
+# It’s possible that tableOrder could be freed twice if a failure occurs. Set +# the pointer null after freeing it to prevent this. There is no current +# upstream to which this could be reported. +Patch: possible-double-free.patch + BuildRequires: make BuildRequires: gcc
@@ -27,7 +32,7 @@ BuildRequires: zlib-devel Encoding and Decoding for Web Open Font Format(Woff)
%prep -%autosetup -c +%autosetup -c -p1
%build
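Review bot: In the woff.c hunk carried inside possible-double-free.patch, the added `tableOrder = 0;` after `free(tableOrder);` would read better as `tableOrder = NULL;`, which makes it obvious that a pointer is being reset. The reset only helps if the later failure path frees this same variable (calling `free()` on a null pointer is a no-op); that path is outside the lines shown in the hunk, so it is worth confirming that nothing else freed before this point is freed again there without the same reset.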
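Review bot: The comment added above `Patch: possible-double-free.patch` in woff.spec says tableOrder could be freed twice "if a failure occurs" but names neither the function nor the failure path. Adding that detail, either in this comment or as a short description at the top of the patch file (which currently starts directly at the `diff -Naur` line), would let a later maintainer verify the fix without re-deriving it.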
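Review bot: In the %prep hunk, `%autosetup -c -p1` applies the patch with strip level 1, so the `a/woff.c` and `b/woff.c` paths in possible-double-free.patch resolve to `woff.c` in the directory that `-c` creates. Confirm that Source0 unpacks woff.c at the top level of that directory; if the zip adds its own subdirectory, the patch will not apply.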
https://src.fedoraproject.org/rpms/woff/c/de73f56efcab4b2afab45cd0ce57d85b4c...
scm-commits@lists.fedoraproject.org