diff --git a/fontconfig-fix-SAST.patch b/fontconfig-fix-SAST.patch new file mode 100644 index 0000000..6ef1b07 --- /dev/null +++ b/fontconfig-fix-SAST.patch @@ -0,0 +1,54 @@ +From eaa335e7c4686c622f31e691f8a41fdf30ea42b3 Mon Sep 17 00:00:00 2001 +From: Akira TAGOH +Date: Wed, 31 Jul 2024 17:31:36 +0900 +Subject: [PATCH 1/2] Fix a memory leak in _get_real_paths_from_prefix + +--- + src/fcxml.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/fcxml.c b/src/fcxml.c +index 9fe0674..083fc1f 100644 +--- a/src/fcxml.c ++++ b/src/fcxml.c +@@ -1327,11 +1327,9 @@ _get_real_paths_from_prefix(FcConfigParse *parse, const FcChar8 *path, const FcC + if (!p) + return NULL; + parent = FcStrDirname (p); ++ FcStrFree (p); + if (!parent) +- { +- free (p); + return NULL; +- } + } + } + #ifndef _WIN32 +-- +2.45.2 + +From ab765827101787d49c0a66b23addc1f68f99a455 Mon Sep 17 00:00:00 2001 +From: Akira TAGOH +Date: Wed, 31 Jul 2024 17:37:53 +0900 +Subject: [PATCH 2/2] Set FcTypeVoid if no valid types to convert + +--- + src/fcname.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/fcname.c b/src/fcname.c +index 566f0ef..b152bd9 100644 +--- a/src/fcname.c ++++ b/src/fcname.c +@@ -406,6 +406,8 @@ FcNameConvert (FcType type, const char *object, FcChar8 *string) + v.u.r = FcRangeCreateDouble (b, e); + break; + default: ++ /* No valid type to convert */ ++ v.type = FcTypeVoid; + break; + } + return v; +-- +2.45.2 + diff --git a/fontconfig.spec b/fontconfig.spec index febe0f1..bfd9a5f 100644 --- a/fontconfig.spec +++ b/fontconfig.spec @@ -5,7 +5,7 @@ Summary: Font configuration and customization library Name: fontconfig Version: 2.15.0 -Release: 5%{?dist} +Release: 6%{?dist} # src/ftglue.[ch] is in Public Domain # src/fccache.c contains Public Domain code ## https://gitlab.com/fedora/legal/fedora-license-data/-/issues/177 @@ -23,6 +23,7 @@ Patch4: %{name}-drop-lang-from-pkgkit-format.patch Patch5: %{name}-disable-network-required-test.patch Patch6: %{name}-lower-nonlatin-conf.patch Patch7: %{name}-remove-uuid.patch +Patch9: %{name}-fix-SAST.patch BuildRequires: libxml2-devel BuildRequires: freetype-devel >= %{freetype_version} @@ -193,6 +194,10 @@ fi %doc fontconfig-devel.txt fontconfig-devel %changelog +* Thu Aug 1 2024 Akira TAGOH - 2.15.0-6 +- Fix a memory leak and potentially uninitialized values. + Resolves: RHEL-41007, RHEL-41008 + * Mon Jun 24 2024 Troy Dawson - 2.15.0-5 - Bump release for June 2024 mass rebuild