NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
03b228fd1a
kumquat-buildroot/package/cairo/0002-ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-cairo_ft_apply_variation.patch
Fabrice Fontaine 91b150dc33 package/cairo: fix CVE-2018-19876 
Add an upstream patch to fix CVE-2018-19876: cairo 1.16.0, in
cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a
free function incompatible with WebKit's fastMalloc, leading to an
application crash with a "free(): invalid pointer" error.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-29 23:17:29 +01:00

34 lines
923 B
Diff
Raw Blame History

From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <cgarcia@igalia.com>
Date: Mon, 19 Nov 2018 12:33:07 +0100
Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
cairo_ft_apply_variations
Fixes a crash when using freetype >= 2.9
[Retrieved from:
https://gitlab.freedesktop.org/cairo/cairo/-/commit/90e85c2493fdfa3551f202ff10282463f1e36645]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/cairo-ft-font.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index 325dd61b4..981973f78 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -2393,7 +2393,11 @@ skip:
done:
free (coords);
free (current_coords);
+#if HAVE_FT_DONE_MM_VAR
+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
+#else
free (ft_mm_var);
+#endif
}
}
--
2.24.1
Reference in New Issue View Git Blame Copy Permalink