graphics/silgraphite: Patch vulnerability

Submitted by: truckman MFH: 2016Q1 Security: http://www.vuxml.org/freebsd/8f10fa04-cf6a-11e5-96d6-14dae9d210b8.html
svn path=/head/; revision=409139
2024-12-11 02:50:24 +00:00 · 2016-02-18 23:15:27 +00:00 · 2016-02-18 23:15:27 +00:00 · e44036c114 · 2021-03-31 03:12:20 +00:00
commit e44036c114
parent 3d9bd39ed6
2 changed files with 21 additions and 1 deletions
--- a/graphics/silgraphite/Makefile
+++ b/graphics/silgraphite/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	silgraphite
 PORTVERSION=	2.3.1
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	graphics devel
 MASTER_SITES=	SF

--- a/graphics/silgraphite/files/patch-engine_src_font_TtfUtil.cpp
+++ b/graphics/silgraphite/files/patch-engine_src_font_TtfUtil.cpp
@ -0,0 +1,20 @@
+--- engine/src/font/TtfUtil.cpp.orig	2009-01-29 08:33:19 UTC
+++ engine/src/font/TtfUtil.cpp
+@@ -1106,7 +1106,7 @@ size_t LocaLookup(gr::gid16 nGlyphId, 
+ 	// CheckTable verifies the index_to_loc_format is valid
+ 	if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::ShortIndexLocFormat)
+ 	{ // loca entries are two bytes and have been divided by two
+-		if (nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
+		if (lLocaSize >= 2 && nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
+ 		{
+ 			const uint16 * pTable = reinterpret_cast<const uint16 *>(pLoca);
+ 			return (read(pTable[nGlyphId]) << 1);
+@@ -1115,7 +1115,7 @@ size_t LocaLookup(gr::gid16 nGlyphId, 
+ 	
+ 	if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::LongIndexLocFormat)
+ 	{ // loca entries are four bytes
+-		if (nGlyphId <= (lLocaSize >> 2) - 1)
+		if (lLocaSize >= 4 && nGlyphId <= (lLocaSize >> 2) - 1)
+ 		{
+ 			const uint32 * pTable = reinterpret_cast<const uint32 *>(pLoca);
+ 			return read(pTable[nGlyphId]);