packages/freetype
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freetype/backport-CVE-2023-2004.patch
zhouwenpei 7138813857 fix CVE-2023-2004
2023-04-17 09:33:08 +00:00

38 lines
1012 B
Diff
Raw Blame History

From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Mon, 14 Nov 2022 19:18:19 +0100
Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
---
src/truetype/ttgxvar.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index aad3e29..a69a9b5 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -42,6 +42,7 @@
#include <ft2build.h>
#include <freetype/internal/ftdebug.h>
#include FT_CONFIG_CONFIG_H
+#include <freetype/internal/ftcalc.h>
#include <freetype/internal/ftstream.h>
#include <freetype/internal/sfnt.h>
#include <freetype/tttags.h>
@@ -1075,7 +1076,7 @@
delta == 1 ? "" : "s",
vertical ? "VVAR" : "HVAR" ));
- *avalue += delta;
+ *avalue = ADD_INT(*avalue, delta );
Exit:
return error;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink