rpms/freetype
6
0
Fork 1
Code Issues Pull Requests Releases Activity
c9s
freetype/freetype-2.10.4-cve-2025-27363.patch
Michel Lind 61fdf05f0e
Fix for CVE-2025-27363 out-of-bound write vulnerability 
Resolves: RHEL-83104
Resolves: RHEL-83109

Signed-off-by: Michel Lind <salimma@centosproject.org>
2025-03-14 12:57:35 -05:00

26 lines
837 B
Diff
Raw Permalink Blame History

--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1944,7 +1944,7 @@
short i, limit;
FT_SubGlyph subglyph;
- FT_Outline outline;
+ FT_Outline outline = { 0, 0, NULL, NULL, NULL, 0 };
FT_Vector* points = NULL;
char* tags = NULL;
short* contours = NULL;
@@ -1953,6 +1953,13 @@
limit = (short)gloader->current.num_subglyphs;
+ /* make sure this isn't negative as we're going to add 4 later */
+ if ( limit < 0 )
+ {
+ error = FT_THROW( Invalid_Argument );
+ goto Exit;
+ }
+
/* construct an outline structure for */
/* communication with `TT_Vary_Apply_Glyph_Deltas' */
outline.n_points = (short)( gloader->current.num_subglyphs + 4 );
Reference in New Issue View Git Blame Copy Permalink