freetype: CVE-2018-6942

2018-06-13 15:18:28 +02:00 · 2018-06-13 15:18:28 +02:00 · ee2a509c4f
parent b1de702cb1
commit ee2a509c4f
2 changed files with 39 additions and 1 deletions
--- a/srcpkgs/freetype/patches/CVE-2018-6942.patch
+++ b/srcpkgs/freetype/patches/CVE-2018-6942.patch
@ -0,0 +1,38 @@
+From 29c759284e305ec428703c9a5831d0b1fc3497ef Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Sat, 27 Jan 2018 14:43:43 +0100
+Subject: * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
+---
+ src/truetype/ttinterp.c | 12 ++++++++++--
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git ./src/truetype/ttinterp.c ./src/truetype/ttinterp.c
+index d855aaa..551f14a 100644
+--- ./src/truetype/ttinterp.c
+++ ./src/truetype/ttinterp.c
+@@ -7532,8 +7532,16 @@
+       return;
+     }
+ 
+-    for ( i = 0; i < num_axes; i++ )
+-      args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
+    if ( coords )
+    {
+      for ( i = 0; i < num_axes; i++ )
+        args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
+    }
+    else
+    {
+      for ( i = 0; i < num_axes; i++ )
+        args[i] = 0;
+    }
+   }
+ 
+ 
+-- 
+cgit v1.0-41-gc330
+
--- a/srcpkgs/freetype/template
+++ b/srcpkgs/freetype/template
@ -1,7 +1,7 @@
 # Template build file 'freetype'.
 pkgname=freetype
 version=2.9
-revision=2
+revision=3
 build_style=gnu-configure
 hostmakedepends="pkg-config"
 makedepends="zlib-devel bzip2-devel libpng-devel"