aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/freetype-CVE-2018-6942.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/freetype-CVE-2018-6942.patch')
-rw-r--r--gnu/packages/patches/freetype-CVE-2018-6942.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch
new file mode 100644
index 0000000000..680f357765
--- /dev/null
+++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch
@@ -0,0 +1,31 @@
+Fix CVE-2018-6942:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
+
+Copied from upstream (ChangeLog section removed):
+https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
+
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index d855aaa..551f14a 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -7532,8 +7532,16 @@
+ return;
+ }
+
+- for ( i = 0; i < num_axes; i++ )
+- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ if ( coords )
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ }
++ else
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = 0;
++ }
+ }
+
+
generated by cgit v1.2.3 (git 2.25.4) at 2024-06-30 14:41:05 +0000