libspiro: CVE-2019-19847 patch
Signed-off-by: Nathan Owens <ndowens04@gmail.com>
This commit is contained in:
Nathan Owens
Helmut Pozimski
parent
7e46121fb5
commit
848747cd7a
|
|
@ -0,0 +1,63 @@
|
||||||
|
From 35233450c922787dad42321e359e5229ff470a1e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Joe Da Silva <digital@joescat.com>
|
||||||
|
Date: Sat, 21 Dec 2019 13:10:22 -0800
|
||||||
|
Subject: [PATCH] CVE-2019-19847, Stack-based buffer overflow in the
|
||||||
|
spiro_to_bpath0()
|
||||||
|
|
||||||
|
Frederic Cambus (@fcambus) discovered a bug in call-test.c using:
|
||||||
|
./configure CFLAGS="-fsanitize=address"
|
||||||
|
make
|
||||||
|
./tests/call-test[14,15,16,17,18,19]
|
||||||
|
Fredrick Brennan (@ctrlcctrlv) provided bugfix. See issue #21
|
||||||
|
---
|
||||||
|
configure.ac | 7 ++++++-
|
||||||
|
tests/call-test.c | 4 ++--
|
||||||
|
3 files changed, 10 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git configure.ac configure.ac
|
||||||
|
index 8a44d04..e77ce17 100644
|
||||||
|
--- configure.ac
|
||||||
|
+++ configure.ac
|
||||||
|
@@ -50,7 +50,7 @@ m4_define([spiro_age], [0])
|
||||||
|
m4_define([spiro_libver],[spiro_current:spiro_revision:spiro_age])
|
||||||
|
|
||||||
|
m4_define([spiro_package_name], [libspiro])
|
||||||
|
-
|
||||||
|
+
|
||||||
|
AC_INIT([spiro],[spiro_package_stamp],[fontforge-devel@lists.sourceforge.net],
|
||||||
|
[spiro_package_name],[https://github.com/fontforge/libspiro])
|
||||||
|
|
||||||
|
@@ -236,6 +236,11 @@ dnl AX_CHECK_COMPILE_FLAG([-Wcast-qual],[WCFLAGS="$WCFLAGS -Wcast-qual"])
|
||||||
|
dnl AX_CHECK_COMPILE_FLAG([-Wcast-align],[WCFLAGS="$WCFLAGS -Wcast-align"])
|
||||||
|
dnl AX_CHECK_COMPILE_FLAG([-Wpadded],[WCFLAGS="$WCFLAGS -Wpadded"])
|
||||||
|
dnl AX_CHECK_COMPILE_FLAG([-Woverlength-strings],[WCFLAGS="$WCFLAGS -Woverlength-strings"])
|
||||||
|
+
|
||||||
|
+dnl NOTE: -fsanitize has to be first library
|
||||||
|
+dnl and will also conflict with other checks
|
||||||
|
+dnl like valgrind due to similar test checks
|
||||||
|
+dnl AX_CHECK_COMPILE_FLAG([-fsanitize=address],[CFLAGS=" -fsanitize=address $CFLAGS"])
|
||||||
|
AC_LANG_POP
|
||||||
|
# Skip if replacing with LS_LIB instead.
|
||||||
|
WLSLIB=""
|
||||||
|
diff --git tests/call-test.c tests/call-test.c
|
||||||
|
index c27d41a..76ee12d 100644
|
||||||
|
--- tests/call-test.c
|
||||||
|
+++ tests/call-test.c
|
||||||
|
@@ -536,7 +536,7 @@ bezctx *new_bezctx_test(void) {
|
||||||
|
int test_curve(int c) {
|
||||||
|
spiro_cp spiro[16];
|
||||||
|
int nextknot[17];
|
||||||
|
- double d[5];
|
||||||
|
+ double d[6];
|
||||||
|
spiro_seg *segs = NULL;
|
||||||
|
bezctx *bc;
|
||||||
|
rs_check_vals *rsp;
|
||||||
|
@@ -545,7 +545,7 @@ int test_curve(int c) {
|
||||||
|
/* Load sample data so that we can see if library is callable */
|
||||||
|
load_test_curve(spiro,nextknot,c);
|
||||||
|
|
||||||
|
- d[0] = 1.; d[1] = d[1] = 0.;
|
||||||
|
+ d[0] = 1.; d[1] = d[2] = 0.;
|
||||||
|
#if defined(DO_CALL_TEST20)
|
||||||
|
/* check if spiro values are reversed correctly on input path */
|
||||||
|
printf("---\ntesting spiroreverse() using data=path%d[].\n",c);
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'libspiro'
|
# Template file for 'libspiro'
|
||||||
pkgname=libspiro
|
pkgname=libspiro
|
||||||
version=20190731
|
version=20190731
|
||||||
revision=1
|
revision=2
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
hostmakedepends="automake libtool"
|
hostmakedepends="automake libtool"
|
||||||
short_desc="Simplifies the drawing of beautiful curves"
|
short_desc="Simplifies the drawing of beautiful curves"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue