rpms/fontconfig
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a memory leak and potentially uninitialized values.

Browse Source 
Resolves: RHEL-41007, RHEL-41008
This commit is contained in:
Akira TAGOH 2024-08-01 14:35:19 +09:00
parent 43393aa773
commit e7885ef7c0
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
fontconfig-fix-SAST.patch Normal file
View File

@ -0,0 +1,54 @@
From eaa335e7c4686c622f31e691f8a41fdf30ea42b3 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Wed, 31 Jul 2024 17:31:36 +0900
Subject: [PATCH 1/2] Fix a memory leak in _get_real_paths_from_prefix
---
src/fcxml.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/fcxml.c b/src/fcxml.c
index 9fe0674..083fc1f 100644
--- a/src/fcxml.c
+++ b/src/fcxml.c
@@ -1327,11 +1327,9 @@ _get_real_paths_from_prefix(FcConfigParse *parse, const FcChar8 *path, const FcC
if (!p)
return NULL;
parent = FcStrDirname (p);
+ FcStrFree (p);
if (!parent)
- {
- free (p);
return NULL;
- }
}
}
#ifndef _WIN32
--
2.45.2
From ab765827101787d49c0a66b23addc1f68f99a455 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Wed, 31 Jul 2024 17:37:53 +0900
Subject: [PATCH 2/2] Set FcTypeVoid if no valid types to convert
---
src/fcname.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/fcname.c b/src/fcname.c
index 566f0ef..b152bd9 100644
--- a/src/fcname.c
+++ b/src/fcname.c
@@ -406,6 +406,8 @@ FcNameConvert (FcType type, const char *object, FcChar8 *string)
v.u.r = FcRangeCreateDouble (b, e);
break;
default:
+ /* No valid type to convert */
+ v.type = FcTypeVoid;
break;
}
return v;
--
2.45.2

7
fontconfig.spec
View File

@ -5,7 +5,7 @@
Summary: Font configuration and customization library Summary: Font configuration and customization library
Name: fontconfig Name: fontconfig
Version: 2.15.0 Version: 2.15.0
Release: 5%{?dist} Release: 6%{?dist}
# src/ftglue.[ch] is in Public Domain # src/ftglue.[ch] is in Public Domain
# src/fccache.c contains Public Domain code # src/fccache.c contains Public Domain code
## https://gitlab.com/fedora/legal/fedora-license-data/-/issues/177 ## https://gitlab.com/fedora/legal/fedora-license-data/-/issues/177
@ -23,6 +23,7 @@ Patch4: %{name}-drop-lang-from-pkgkit-format.patch
Patch5: %{name}-disable-network-required-test.patch Patch5: %{name}-disable-network-required-test.patch
Patch6: %{name}-lower-nonlatin-conf.patch Patch6: %{name}-lower-nonlatin-conf.patch
Patch7: %{name}-remove-uuid.patch Patch7: %{name}-remove-uuid.patch
Patch9: %{name}-fix-SAST.patch
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
BuildRequires: freetype-devel >= %{freetype_version} BuildRequires: freetype-devel >= %{freetype_version}
@ -193,6 +194,10 @@ fi
%doc fontconfig-devel.txt fontconfig-devel %doc fontconfig-devel.txt fontconfig-devel
%changelog %changelog
* Thu Aug 1 2024 Akira TAGOH <tagoh@redhat.com> - 2.15.0-6
- Fix a memory leak and potentially uninitialized values.
Resolves: RHEL-41007, RHEL-41008
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.15.0-5 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.15.0-5
- Bump release for June 2024 mass rebuild - Bump release for June 2024 mass rebuild