NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/cairo: fix CVE-2018-19876

Browse Source 
Add an upstream patch to fix CVE-2018-19876: cairo 1.16.0, in
cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a
free function incompatible with WebKit's fastMalloc, leading to an
application crash with a "free(): invalid pointer" error.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2020-02-29 21:00:16 +01:00 committed by Peter Korsgaard
parent 9675c3fbe8
commit 91b150dc33
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
package/cairo/0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch Normal file
View File

@ -0,0 +1,33 @@
From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 19 Nov 2018 12:33:07 +0100
Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
cairo_ft_apply_variations
Fixes a crash when using freetype >= 2.9
[Retrieved from:
https://gitlab.freedesktop.org/cairo/cairo/-/commit/90e85c2493fdfa3551f202ff10282463f1e36645]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/cairo-ft-font.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61b4..981973f78 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -2393,7 +2393,11 @@ skip:
done:
free (coords);
free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
free (ft_mm_var);
+#endif
}
}
--
2.24.1

3
package/cairo/cairo.mk
View File

@ -11,6 +11,9 @@ CAIRO_LICENSE_FILES = COPYING COPYING-LGPL-2.1 COPYING-MPL-1.1
CAIRO_SITE = http://cairographics.org/releases
CAIRO_INSTALL_STAGING = YES
# 0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch
CAIRO_IGNORE_CVES += CVE-2018-19876
# relocation truncated to fit: R_68K_GOT16O
ifeq ($(BR2_m68k_cf),y)
CAIRO_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -mxgot"