source: pkg/raul/main/pango1.0/trunk/debian/patches/01_CVE-2011-0020.patch @ 7505

Revision 7505, 1.3 KB checked in by alanbach-guest, 2 years ago (diff)
  • Security fix. Added 01_CVE-2011-0020.patch and 02_CVE-2011-0064.patch

  • pango/pangoft2-render.c 

    CVE-2011-0020
Debian #610792
Launchpad #696616
GNOME #639882

diff --git a/pango/pangoft2-render.c b/pango/pangoft2-render.c
index bd3b7d4..42923f4 100644
    a b pango_ft2_font_render_box_glyph (int width, 
    121121 
    122122  box->bitmap.width = width; 
    123123  box->bitmap.rows = height; 
    124   box->bitmap.pitch = height; 
     124  box->bitmap.pitch = width; 
    125125 
    126   box->bitmap.buffer = g_malloc0 (box->bitmap.rows * box->bitmap.pitch); 
     126  box->bitmap.buffer = g_malloc0_n (box->bitmap.rows, box->bitmap.pitch); 
     127 
     128  if (G_UNLIKELY (!box->bitmap.buffer)) { 
     129    g_slice_free (PangoFT2RenderedGlyph, box); 
     130    return NULL; 
     131  } 
    127132 
    128133  /* draw the box */ 
    129134  for (j = 0; j < line_width; j++) 
    pango_ft2_font_render_glyph (PangoFont *font, 
    226231      rendered->bitmap_left = face->glyph->bitmap_left; 
    227232      rendered->bitmap_top = face->glyph->bitmap_top; 
    228233 
     234      if (G_UNLIKELY (!rendered->bitmap.buffer)) { 
     235        g_slice_free (PangoFT2RenderedGlyph, rendered); 
     236        return NULL; 
     237      } 
     238 
    229239      return rendered; 
    230240    } 
    231241  else 
    pango_ft2_renderer_draw_glyph (PangoRenderer *renderer, 
    276286  if (rendered_glyph == NULL) 
    277287    { 
    278288      rendered_glyph = pango_ft2_font_render_glyph (font, glyph); 
     289      if (rendered_glyph == NULL) 
     290        return; 
    279291      add_glyph_to_cache = TRUE; 
    280292    } 
    281293 
Note: See TracBrowser for help on using the repository browser.