mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Code Issues Projects Releases Wiki Activity

freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Browse Source 
Fix An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c

(From OE-Core rev: 6a07e1524746bd3cfa5aec090a882f4a7f954dad)

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vivek Kumbhar
2023-04-29 11:06:24 +05:30
committed by Steve Sakoman
parent 7aac01a2a7
commit f90eb43a15
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
+41
View File
@@ -0,0 +1,41 @@
From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Mon, 14 Nov 2022 19:18:19 +0100
Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
CVE: CVE-2023-2004
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
src/truetype/ttgxvar.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 7f2db0c..8968111 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -42,6 +42,7 @@
#include <ft2build.h>
#include <freetype/internal/ftdebug.h>
#include FT_CONFIG_CONFIG_H
+#include <freetype/internal/ftcalc.h>
#include <freetype/internal/ftstream.h>
#include <freetype/internal/sfnt.h>
#include <freetype/tttags.h>
@@ -1147,7 +1148,7 @@
delta == 1 ? "" : "s",
vertical ? "VVAR" : "HVAR" ));
- *avalue += delta;
+ *avalue = ADD_INT( *avalue, delta );
Exit:
return error;
--
2.25.1
meta/recipes-graphics/freetype/freetype_2.11.1.bb
+1
View File
@@ -16,6 +16,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.xz \
file://CVE-2022-27404.patch \ file://CVE-2022-27404.patch \
file://CVE-2022-27405.patch \ file://CVE-2022-27405.patch \
file://CVE-2022-27406.patch \ file://CVE-2022-27406.patch \
file://CVE-2023-2004.patch \
" "
SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8"