Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
fontforge.17349
fontforge-CVE-2020-5395-5496.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fontforge-CVE-2020-5395-5496.patch of Package fontforge.17349
diff --git a/fontforge/sfd.c b/fontforge/sfd.c index d76a86c94..91d064c68 100644 --- a/fontforge/sfd.c +++ b/fontforge/sfd.c @@ -3885,13 +3885,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) { while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) { if ( cur!=NULL ) { if ( cur->spiro_cnt>=cur->spiro_max ) - cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp)); + cur->spiros = realloc(cur->spiros, + (cur->spiro_max+=10)*sizeof(spiro_cp)); cur->spiros[cur->spiro_cnt++] = cp; } } - if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { + if ( cur!=NULL && cur->spiro_cnt>0 + && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { if ( cur->spiro_cnt>=cur->spiro_max ) - cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp)); + cur->spiros = realloc(cur->spiros, + (cur->spiro_max+=1)*sizeof(spiro_cp)); memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp)); cur->spiros[cur->spiro_cnt++].ty = SPIRO_END; } @@ -7810,10 +7813,12 @@ bool SFD_GetFontMetaData( FILE *sfd, else if ( strmatch(tok,"LayerCount:")==0 ) { d->had_layer_cnt = true; - getint(sfd,&sf->layer_cnt); - if ( sf->layer_cnt>2 ) { + int layer_cnt_tmp; + getint(sfd,&layer_cnt_tmp); + if ( layer_cnt_tmp>2 ) { sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo)); memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo)); + sf->layer_cnt = layer_cnt_tmp; } } else if ( strmatch(tok,"Layer:")==0 ) @@ -8766,6 +8771,10 @@ exit( 1 ); } } + // Many downstream functions assume this isn't NULL (use strlen, etc.) + if ( sf->fontname==NULL) + sf->fontname = copy(""); + if ( fromdir ) sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt); else if ( sf->subfontcnt!=0 ) { diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c index 34497d317..e45b6950a 100644 --- a/fontforge/sfd1.c +++ b/fontforge/sfd1.c @@ -671,7 +671,7 @@ void SFD_AssignLookups(SplineFont1 *sf) { /* Fix up some gunk from really old versions of the sfd format */ SFDCleanupAnchorClasses(&sf->sf); - if ( sf->sf.uni_interp==ui_unset ) + if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL ) sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none); /* Fixup for an old bug */ -- 2.24.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor