rpms/fontforge
7
0
Fork 0
Code Issues Pull Requests Releases Activity

another fix for rh#1790042 - CVE-2020-5395:out-of-bounds write in sfd.c

Browse Source
This commit is contained in:
Parag Nemade 2020-02-18 13:48:19 +05:30
parent afbac9327c
commit 7f6f786c73
No known key found for this signature in database
GPG Key ID: 71932951EB71E972
3 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
fontforge-20190801-cve-2020-5395-followup-fix.patch Normal file
View File

@ -0,0 +1,28 @@
From b96273acc691ac8a36c6a8dd4de8e6edd7eaae59 Mon Sep 17 00:00:00 2001
From: Fredrick Brennan <copypaste@kittens.ph>
Date: Tue, 21 Jan 2020 15:16:00 +0800
Subject: [PATCH] Fix crash on exit introduced in previous commit
When the number of layers is greater than 2, as in Chomsky.sfd and most
of my other fonts, FontForge will crash on exiting.
This is just a simple mistake @skef made.
---
fontforge/sfd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fontforge/sfd.c b/fontforge/sfd.c
index e8ca39ba83..9517d8cb12 100644
--- a/fontforge/sfd.c
+++ b/fontforge/sfd.c
@@ -7998,9 +7998,9 @@ bool SFD_GetFontMetaData( FILE *sfd,
int layer_cnt_tmp;
getint(sfd,&layer_cnt_tmp);
if ( layer_cnt_tmp>2 ) {
+ sf->layer_cnt = layer_cnt_tmp;
sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo));
memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo));
- sf->layer_cnt = layer_cnt_tmp;
}
}
else if ( strmatch(tok,"Layer:")==0 )

11
fontforge.spec
View File

@ -3,7 +3,7 @@
Name: fontforge
Version: 20190801
Release: 5%{?dist}
Release: 6%{?dist}
Summary: Outline and bitmap font editor
License: GPLv3+
@ -12,7 +12,10 @@ Source0: https://github.com/fontforge/%{name}/archive/%{gittag0}.tar.gz#/
Patch0: fontforge-20190413-python-3.8-pkg-config.patch
# Below are upstream patches
Patch1: fontforge-20190801-fix-metainfo.xml-file.patch
# https://github.com/fontforge/fontforge/issues/4084
Patch2: fontforge-20190801-cve-2020-5395.patch
# https://github.com/fontforge/fontforge/issues/4164
Patch3: fontforge-20190801-cve-2020-5395-followup-fix.patch
Requires: xdg-utils
Requires: autotrace
@ -77,6 +80,7 @@ This package contains documentation files for %{name}.
%endif
%patch1 -p1
%patch2 -p1
%patch3 -p1
mkdir htdocs
cp -pr doc/html/* htdocs
@ -145,10 +149,13 @@ find $RPM_BUILD_ROOT -name '*.a' -exec rm -f {} ';'
%doc htdocs
%changelog
* Sun Feb 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 20190801-6
- another fix for rh#1790042 - CVE-2020-5395:out-of-bounds write in sfd.c
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190801-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 16 2020 Parag Nemade <pnemade@fedoraproject.org> - 20190801-4
* Thu Jan 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 20190801-4
- Resolves:rh#1790042 - CVE-2020-5395:out-of-bounds write in sfd.c
* Tue Aug 27 2019 Kevin Fenzi <kevin@scrye.com> - 20190801-3

3
tests/scripts/generate.pe
View File

@ -4,4 +4,7 @@ Open($argv[i], 1)
#Use gen_flags=Defualt fmflags value as -1
gen_flags = -1
Generate("" + $fontname + ".ttf", "", gen_flags)
Generate("" + $fontname + ".otf", "", gen_flags)
PrintSetup (5)
PrintFont (0, 0, "", $fontname + "-sample.pdf")