[Bug 800591] CVE-2012-1133 freetype: heap buffer underflow in BDF parser _bdf_parse_glyphs() (#35607)

bugzilla at redhat.com bugzilla at redhat.com
Fri Mar 16 12:41:03 UTC 2012


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=800591

--- Comment #9 from Tomas Hoger <thoger at redhat.com> 2012-03-16 08:41:00 EDT ---
(In reply to comment #8)
> It seems this issue existed in old freetype versions.  It was later resolved
> via the following commit:
> 
> http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=481838e2

Note there is additional follow up patch:

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b698eeda

That patch adds an explicit conversion of p->glyph_enc to size_t for the comparison
(which causes negative values to be converted to a large positive unsigned
value).  However, as glyph_enc is (signed) long and the right side of the
comparison is of the size_t type, gcc does an implicit conversion of
p->glyph_enc to unsigned long and hence an error is reported.

> The freetype packages in Red Hat Enterprise Linux 5 and 6 are based on
> upstream versions that include the fix.

The freetype packages in Red Hat Enterprise Linux 5 and 6 include the explicit
conversion to size_t; the patch that was added to earlier Red Hat Enterprise Linux
versions does not include the explicit type conversion.
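The signed/unsigned point in the comment above, as an added example that is not FreeType's code: a hypothetical glyph-table bounds check written three ways (explicit size_t cast, no cast, and an explicit negative check), with a constructed four-entry table to show that a negative encoding is rejected in every variant rather than indexing before the buffer. GLYPH_COUNT, glyph_names and all function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a glyph table; not FreeType's data structure. */
#define GLYPH_COUNT 4
static const char *glyph_names[GLYPH_COUNT] = { "space", "A", "B", "C" };

/* Check as described for the follow-up patch: explicit cast to size_t.
 * A negative encoding becomes a huge unsigned value and fails the test. */
int enc_in_range_explicit(long glyph_enc, size_t count)
{
    return (size_t)glyph_enc < count;
}

/* Same check without the cast. The usual arithmetic conversions promote
 * the signed long to the unsigned type of `count`, so the result is the
 * same; compilers only warn about the signed/unsigned comparison. */
int enc_in_range_implicit(long glyph_enc, size_t count)
{
    return glyph_enc < count;
}

/* The form that states the intent: reject negatives first, then compare
 * values of the same signedness. */
int enc_in_range_checked(long glyph_enc, size_t count)
{
    if (glyph_enc < 0)
        return 0;
    return (size_t)glyph_enc < count;
}

/* Guarded lookup: NULL instead of an index before or past the table. */
const char *glyph_name_for(long glyph_enc)
{
    if (!enc_in_range_checked(glyph_enc, GLYPH_COUNT))
        return NULL;
    return glyph_names[glyph_enc];
}

int main(void)
{
    long samples[] = { -1L, 0L, 3L, 4L, 65536L };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *n = glyph_name_for(samples[i]);
        printf("enc %6ld -> explicit=%d implicit=%d name=%s\n", samples[i],
               enc_in_range_explicit(samples[i], GLYPH_COUNT),
               enc_in_range_implicit(samples[i], GLYPH_COUNT),
               n ? n : "(rejected)");
    }
    return 0;
}
```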
