45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
Fix CVE-2017-8287:
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
|
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
|
|
|
|
Patch copied from upstream source repository:
|
|
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
|
|
|
|
From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
|
|
From: Werner Lemberg <wl@gnu.org>
|
|
Date: Sun, 26 Mar 2017 08:32:09 +0200
|
|
Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety
|
|
guard.
|
|
|
|
Reported as
|
|
|
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
|
|
---
|
|
ChangeLog | 8 ++++++++
|
|
src/psaux/psobjs.c | 8 ++++++++
|
|
2 files changed, 16 insertions(+)
|
|
|
|
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
|
|
index d18e821a..0baf8368 100644
|
|
--- a/src/psaux/psobjs.c
|
|
+++ b/src/psaux/psobjs.c
|
|
@@ -1718,6 +1718,14 @@
|
|
first = outline->n_contours <= 1
|
|
? 0 : outline->contours[outline->n_contours - 2] + 1;
|
|
|
|
+ /* in malformed fonts it can happen that a contour was started */
|
|
+ /* but no points were added */
|
|
+ if ( outline->n_contours && first == outline->n_points )
|
|
+ {
|
|
+ outline->n_contours--;
|
|
+ return;
|
|
+ }
|
|
+
|
|
/* We must not include the last point in the path if it */
|
|
/* is located on the first point. */
|
|
if ( outline->n_points > 1 )
|
|
--
|
|
2.12.2
|
|
|