diff options
Diffstat (limited to 'poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch')
-rw-r--r-- | poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch new file mode 100644 index 0000000000..f600309d3e --- /dev/null +++ b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch @@ -0,0 +1,41 @@ +From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Mon, 14 Nov 2022 19:18:19 +0100 +Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer + overflow. + +Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462 + +Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611] +CVE: CVE-2023-2004 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/truetype/ttgxvar.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c +index 7f2db0c..8968111 100644 +--- a/src/truetype/ttgxvar.c ++++ b/src/truetype/ttgxvar.c +@@ -42,6 +42,7 @@ + #include <ft2build.h> + #include <freetype/internal/ftdebug.h> + #include FT_CONFIG_CONFIG_H ++#include <freetype/internal/ftcalc.h> + #include <freetype/internal/ftstream.h> + #include <freetype/internal/sfnt.h> + #include <freetype/tttags.h> +@@ -1147,7 +1148,7 @@ + delta == 1 ? "" : "s", + vertical ? "VVAR" : "HVAR" )); + +- *avalue += delta; ++ *avalue = ADD_INT( *avalue, delta ); + + Exit: + return error; +-- +2.25.1 + |