diff options
Diffstat (limited to 'meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch')
-rw-r--r-- | meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch new file mode 100644 index 0000000000..609d73d3f7 --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype-2.4.9/CVE-2012-5668.patch @@ -0,0 +1,31 @@ +From 9b6b5754b57c12b820e01305eb69b8863a161e5a Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Sat, 15 Dec 2012 00:34:41 +0000 +Subject: [bdf] Fix Savannah bug #37905. + +* src/bdf/bdflib.c (_bdf_parse_start): Reset `props_size' to zero in +case of allocation error; this value gets used in a loop in +`bdf_free_font'. + +Upstream-Status: Pending + +Signed-off-by: Eren Turkay <eren@hambedded.org> +Signed-off-by: Scott Garman <scott.a.garman@intel.com> +--- +diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c +index ed08a6e..8d7f9a0 100644 +--- a/src/bdf/bdflib.c ++++ b/src/bdf/bdflib.c +@@ -2169,7 +2169,10 @@ + p->cnt = p->font->props_size = _bdf_atoul( p->list.field[1], 0, 10 ); + + if ( FT_NEW_ARRAY( p->font->props, p->cnt ) ) ++ { ++ p->font->props_size = 0; + goto Exit; ++ } + + p->flags |= _BDF_PROPS; + *next = _bdf_parse_properties; +-- +cgit v0.9.0.2 |