Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
graphite2
graphite2-CVE-2018-7999.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File graphite2-CVE-2018-7999.patch of Package graphite2
Index: graphite2-1.3.1/include/graphite2/Font.h =================================================================== --- graphite2-1.3.1.orig/include/graphite2/Font.h 2015-08-31 06:42:03.000000000 +0200 +++ graphite2-1.3.1/include/graphite2/Font.h 2018-03-12 17:31:36.448403368 +0100 @@ -56,7 +56,7 @@ GR2_API void gr_engine_version(int *nMaj enum gr_face_options { /** No preload, no cmap caching, fail if the graphite tables are invalid */ gr_face_default = 0, - /** Dumb rendering will be enabled if the graphite tables are invalid */ + /** Dumb rendering will be enabled if the graphite tables are invalid. DEPRECATED. */ gr_face_dumbRendering = 1, /** preload glyphs at construction time */ gr_face_preloadGlyphs = 2, Index: graphite2-1.3.1/src/GlyphCache.cpp =================================================================== --- graphite2-1.3.1.orig/src/GlyphCache.cpp 2015-08-31 06:42:03.000000000 +0200 +++ graphite2-1.3.1/src/GlyphCache.cpp 2018-03-12 17:38:30.703673051 +0100 @@ -84,7 +84,7 @@ const SlantBox SlantBox::empty = {0,0,0, class GlyphCache::Loader { public: - Loader(const Face & face, const bool dumb_font); //return result indicates success. Do not use if failed. + Loader(const Face & face); //return result indicates success. Do not use if failed. operator bool () const throw(); unsigned short int units_per_em() const throw(); @@ -115,7 +115,7 @@ private: GlyphCache::GlyphCache(const Face & face, const uint32 face_options) -: _glyph_loader(new Loader(face, bool(face_options & gr_face_dumbRendering))), +: _glyph_loader(new Loader(face)), _glyphs(_glyph_loader && *_glyph_loader ? grzeroalloc<const GlyphFace *>(_glyph_loader->num_glyphs()) : 0), _boxes(_glyph_loader && _glyph_loader->has_boxes() ? grzeroalloc<GlyphBox *>(_glyph_loader->num_glyphs()) : 0), _num_glyphs(_glyphs ? _glyph_loader->num_glyphs() : 0), @@ -235,7 +235,7 @@ const GlyphFace *GlyphCache::glyph(unsig -GlyphCache::Loader::Loader(const Face & face, const bool dumb_font) +GlyphCache::Loader::Loader(const Face & face) : _head(face, Tag::head), _hhea(face, Tag::hhea), _hmtx(face, Tag::hmtx), @@ -261,45 +261,48 @@ GlyphCache::Loader::Loader(const Face & return; } - if (!dumb_font) + if ((m_pGlat = Face::Table(face, Tag::Glat, 0x00030000)) == NULL + || (m_pGloc = Face::Table(face, Tag::Gloc)) == NULL + || m_pGloc.size() < 8) { - if ((m_pGlat = Face::Table(face, Tag::Glat, 0x00030000)) == NULL - || (m_pGloc = Face::Table(face, Tag::Gloc)) == NULL - || m_pGloc.size() < 6) - { - _head = Face::Table(); - return; - } - const byte * p = m_pGloc; - int version = be::read<uint32>(p); - const uint16 flags = be::read<uint16>(p); - _num_attrs = be::read<uint16>(p); - // We can accurately calculate the number of attributed glyphs by - // subtracting the length of the attribids array (numAttribs long if present) - // and dividing by either 2 or 4 depending on shor or lonf format - _long_fmt = flags & 1; - int tmpnumgattrs = (m_pGloc.size() - - (p - m_pGloc) - - sizeof(uint16)*(flags & 0x2 ? _num_attrs : 0)) - / (_long_fmt ? sizeof(uint32) : sizeof(uint16)) - 1; - - if (version >= 0x00020000 || tmpnumgattrs < 0 || tmpnumgattrs > 65535 - || _num_attrs == 0 || _num_attrs > 0x3000 // is this hard limit appropriate? - || _num_glyphs_graphics > tmpnumgattrs) - { - _head = Face::Table(); - return; - } - - _num_glyphs_attributes = static_cast<unsigned short>(tmpnumgattrs); - p = m_pGlat; - version = be::read<uint32>(p); - if (version >= 0x00040000) // reject Glat tables that are too new - { - _head = Face::Table(); - return; - } - _has_boxes = (version == 0x00030000); + _head = Face::Table(); + return; + } + const byte * p = m_pGloc; + int version = be::read<uint32>(p); + const uint16 flags = be::read<uint16>(p); + _num_attrs = be::read<uint16>(p); + // We can accurately calculate the number of attributed glyphs by + // subtracting the length of the attribids array (numAttribs long if present) + // and dividing by either 2 or 4 depending on shor or lonf format + _long_fmt = flags & 1; + int tmpnumgattrs = (m_pGloc.size() + - (p - m_pGloc) + - sizeof(uint16)*(flags & 0x2 ? _num_attrs : 0)) + / (_long_fmt ? sizeof(uint32) : sizeof(uint16)) - 1; + + if (version >= 0x00020000 || tmpnumgattrs < 0 || tmpnumgattrs > 65535 + || _num_attrs == 0 || _num_attrs > 0x3000 // is this hard limit appropriate? + || _num_glyphs_graphics > tmpnumgattrs + || m_pGlat.size() < 4) + { + _head = Face::Table(); + return; + } + _num_glyphs_attributes = static_cast<unsigned short>(tmpnumgattrs); + p = m_pGlat; + version = be::read<uint32>(p); + if (version >= 0x00040000 || (version >= 0x00030000 && m_pGlat.size() < 8)) // reject Glat tables that are too new + { + _head = Face::Table(); + return; + } + else if (version >= 0x00030000) + { + unsigned int glatflags = be::read<uint32>(p); + _has_boxes = glatflags & 1; + // delete this once the compiler is fixed + _has_boxes = true; } } Index: graphite2-1.3.1/src/gr_face.cpp =================================================================== --- graphite2-1.3.1.orig/src/gr_face.cpp 2015-08-31 06:42:03.000000000 +0200 +++ graphite2-1.3.1/src/gr_face.cpp 2018-03-12 17:31:36.460403579 +0100 @@ -47,8 +47,7 @@ namespace telemetry::category _misc_cat(face.tele.misc); #endif Face::Table silf(face, Tag::Silf, 0x00050000); - if (silf) options &= ~gr_face_dumbRendering; - else if (!(options & gr_face_dumbRendering)) + if (!silf) return false; if (!face.readGlyphs(options)) @@ -74,7 +73,7 @@ namespace return true; } else - return options & gr_face_dumbRendering; + return false; } } Index: graphite2-1.3.1/tests/featuremap/CMakeLists.txt =================================================================== --- graphite2-1.3.1.orig/tests/featuremap/CMakeLists.txt 2015-08-31 06:42:03.000000000 +0200 +++ graphite2-1.3.1/tests/featuremap/CMakeLists.txt 2018-03-12 17:31:36.460403579 +0100 @@ -20,7 +20,7 @@ if (GRAPHITE2_ASAN) endif (GRAPHITE2_ASAN) target_link_libraries(featuremaptest graphite2 graphite2-base graphite2-segcache graphite2-base) -add_test(NAME featuremaptest COMMAND $<TARGET_FILE:featuremaptest> ${testing_SOURCE_DIR}/fonts/tiny.ttf) +add_test(NAME featuremaptest COMMAND $<TARGET_FILE:featuremaptest> ${testing_SOURCE_DIR}/fonts/small.ttf) set_tests_properties(featuremaptest PROPERTIES TIMEOUT 3) if (GRAPHITE2_ASAN) set_property(TEST featuremaptest APPEND PROPERTY ENVIRONMENT "ASAN_SYMBOLIZER_PATH=${ASAN_SYMBOLIZER}") Index: graphite2-1.3.1/tests/featuremap/featuremaptest.cpp =================================================================== --- graphite2-1.3.1.orig/tests/featuremap/featuremaptest.cpp 2015-08-31 06:42:03.000000000 +0200 +++ graphite2-1.3.1/tests/featuremap/featuremaptest.cpp 2018-03-12 17:31:36.460403579 +0100 @@ -243,7 +243,7 @@ template <class T> void testFeatTable(co { FeatureMap testFeatureMap; dummyFace.replace_table(TtfUtil::Tag::Feat, &table, sizeof(T)); - gr_face * face = gr_make_face_with_ops(&dummyFace, &face_handle::ops, gr_face_dumbRendering); + gr_face * face = gr_make_face_with_ops(&dummyFace, &face_handle::ops, 0); if (!face) throw std::runtime_error("failed to load font"); bool readStatus = testFeatureMap.readFeats(*face); testAssert("readFeats", readStatus); @@ -285,9 +285,8 @@ int main(int argc, char * argv[]) // test a bad settings offset stradling the end of the table FeatureMap testFeatureMap; dummyFace.replace_table(TtfUtil::Tag::Feat, &testBadOffset, sizeof testBadOffset); - face = gr_make_face_with_ops(&dummyFace, &face_handle::ops, gr_face_dumbRendering); - bool readStatus = testFeatureMap.readFeats(*face); - testAssert("fail gracefully on bad table", !readStatus); + face = gr_make_face_with_ops(&dummyFace, &face_handle::ops, 0); + testAssert("fail gracefully on bad table", !face); } catch (std::exception & e) { Index: graphite2-1.3.1/tests/vm/CMakeLists.txt =================================================================== --- graphite2-1.3.1.orig/tests/vm/CMakeLists.txt 2015-08-31 06:42:03.000000000 +0200 +++ graphite2-1.3.1/tests/vm/CMakeLists.txt 2018-03-12 17:31:36.460403579 +0100 @@ -41,7 +41,7 @@ if (${CMAKE_SYSTEM_NAME} STREQUAL "Linu endif ("${CMAKE_BUILD_TYPE}" STREQUAL "Release") endif (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") -add_test(vm-test-call-threading vm-test-call ${testing_SOURCE_DIR}/fonts/tiny.ttf 1) +add_test(vm-test-call-threading vm-test-call ${testing_SOURCE_DIR}/fonts/small.ttf 1) set_tests_properties(vm-test-call-threading PROPERTIES PASS_REGULAR_EXPRESSION "simple program size: 14 bytes.*result of program: 42" FAIL_REGULAR_EXPRESSION "program terminated early;stack not empty") @@ -51,7 +51,7 @@ if (GRAPHITE2_ASAN) endif (GRAPHITE2_ASAN) if (${CMAKE_COMPILER_IS_GNUCXX}) - add_test(vm-test-direct-threading vm-test-direct ${testing_SOURCE_DIR}/fonts/tiny.ttf 1) + add_test(vm-test-direct-threading vm-test-direct ${testing_SOURCE_DIR}/fonts/small.ttf 1) set_tests_properties(vm-test-direct-threading PROPERTIES PASS_REGULAR_EXPRESSION "simple program size: 14 bytes.*result of program: 42" FAIL_REGULAR_EXPRESSION "program terminated early;stack not empty")
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
