Fix SAST Automation findings

Resolves: RHEL-44737
2024-09-30 16:53:35 +02:00 · 2024-09-30 16:53:35 +02:00 · 31aa4878ca
commit 31aa4878ca
parent 9788f97354
2 changed files with 83 additions and 1 deletions
--- a/freetype-2.13.2-SAST-findings.patch
+++ b/freetype-2.13.2-SAST-findings.patch
@ -0,0 +1,75 @@
+diff --git a/src/autofit/afglobal.c b/src/autofit/afglobal.c
+index b7403fa65..1fd5a0be3 100644
+--- a/src/autofit/afglobal.c
+++ b/src/autofit/afglobal.c
+@@ -245,6 +245,12 @@
+         af_shaper_get_coverage( globals, style_class, gstyles, 0 );
+     }
+ 
+    if ( dflt >= sizeof (af_style_classes) / sizeof (AF_StyleClass) )
+    {
+      error = FT_THROW( Invalid_Offset );
+      goto Exit;
+    }
+
+     /* ... and finally the default OpenType features of the default script */
+     af_shaper_get_coverage( globals, af_style_classes[dflt], gstyles, 1 );
+ 
+diff --git a/src/tools/apinames.c b/src/tools/apinames.c
+index 5a49b0649..feefb4ee7 100644
+--- a/src/tools/apinames.c
+++ b/src/tools/apinames.c
+@@ -182,6 +182,7 @@ names_dump( FILE*         out,
+   case OUTPUT_WATCOM_LBC:
+     {
+       const char*  dot;
+      char  temp[512];
+ 
+ 
+       if ( !dll_name )
+@@ -195,7 +196,6 @@ names_dump( FILE*         out,
+       dot = strchr( dll_name, '.' );
+       if ( dot )
+       {
+-        char  temp[512];
+         int   len = dot - dll_name;
+ 
+ 
+diff --git a/src/ftbench.c b/src/ftbench.c
+index ec5c46c..7d96f60 100644
+--- a/ft2demos-2.13.2/src/ftbench.c
+++ b/ft2demos-2.13.2/src/ftbench.c
+@@ -907,6 +907,7 @@
+         {
+           fprintf( stderr,
+                    "couldn't allocate memory to pre-load font file\n" );
+          fclose( file );
+ 
+           return 1;
+         }
+@@ -916,9 +917,11 @@
+           fprintf( stderr, "read error\n" );
+           free( memory_file );
+           memory_file = NULL;
+          fclose( file );
+ 
+           return 1;
+         }
+        fclose( file );
+       }
+ 
+       error = FT_New_Memory_Face( lib,
+diff --git a/src/ftgrid.c b/src/ftgrid.c
+index bae4826..1a8f421 100644
+--- a/ft2demos-2.13.2/src/ftgrid.c
+++ b/ft2demos-2.13.2/src/ftgrid.c
+@@ -420,6 +420,9 @@
+     if ( !line )
+       return;
+ 
+    if (bit->mode == gr_pixel_mode_mono)
+      memset( line, 0, (size_t)( pitch * bit->rows * scale * scale ));
+
+     switch( bit->mode )
+     {
+       case gr_pixel_mode_mono:
--- a/freetype.spec
+++ b/freetype.spec
@ -4,7 +4,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype
 Version: 2.13.2
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: (FTL OR GPL-2.0-or-later) AND BSD-3-Clause AND MIT AND MIT-Modern-Variant AND LicenseRef-Fedora-Public-Domain AND Zlib
 URL: http://www.freetype.org
 Source:  http://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.xz
@ -25,6 +25,8 @@ Patch4:  freetype-2.8-multilib.patch

 Patch5:  freetype-2.10.0-internal-outline.patch

+Patch6:  freetype-2.13.2-SAST-findings.patch
+
 BuildRequires:  gcc
 BuildRequires: libX11-devel
 BuildRequires: libpng-devel
@ -86,6 +88,7 @@ popd
 %patch 3 -p1 -b .libtool
 %patch 4 -p1 -b .multilib
 %patch 5 -p1 -b .internal-outline
+%patch 6 -p1 -b .SAST-findings

 %build

@ -227,6 +230,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
 %{_mandir}/man1/*

 %changelog
+* Mon Sep 30 2024 Marek Kasik <mkasik@redhat.com> - 2.13.2-7
+- Fix SAST Automation findings
+- Resolves: RHEL-44737
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.13.2-6
 - Bump release for June 2024 mass rebuild