mirror of
https://github.com/openharmony/third_party_freetype.git
synced 2026-07-01 10:22:10 -04:00
[truetype] Prevent signed integer overflow
Signed-off-by: ZacohZhen <kouzhenrong@h-partners.com>
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
|
||||
index 951891d..86894c2 100644
|
||||
--- a/src/truetype/ttinterp.c
|
||||
+++ b/src/truetype/ttinterp.c
|
||||
@@ -5664,11 +5664,11 @@
|
||||
/* single width cut-in test */
|
||||
|
||||
/* |org_dist - single_width_value| < single_width_cutin */
|
||||
- if ( exc->GS.single_width_cutin > 0 &&
|
||||
- org_dist < exc->GS.single_width_value +
|
||||
- exc->GS.single_width_cutin &&
|
||||
- org_dist > exc->GS.single_width_value -
|
||||
- exc->GS.single_width_cutin )
|
||||
+ if ( exc->GS.single_width_cutin > 0 &&
|
||||
+ org_dist < ADD_LONG( exc->GS.single_width_value,
|
||||
+ exc->GS.single_width_cutin ) &&
|
||||
+ org_dist > SUB_LONG( exc->GS.single_width_value,
|
||||
+ exc->GS.single_width_cutin ) )
|
||||
{
|
||||
if ( org_dist >= 0 )
|
||||
org_dist = exc->GS.single_width_value;
|
||||
+3
-1
@@ -40,6 +40,7 @@ def move_file(src_path, dst_path):
|
||||
"backport-freetype-2.10.1-debughook.patch",
|
||||
"backport-freetype-2.12.1-enable-funcs.patch",
|
||||
"CVE-2026-23865.patch",
|
||||
"backport-truetype-signed-integer-overflow.patch",
|
||||
"ftconfig.h"
|
||||
]
|
||||
for file in files:
|
||||
@@ -76,7 +77,8 @@ def do_patch(target_dir):
|
||||
"backport-freetype-2.10.0-internal-outline.patch",
|
||||
"backport-freetype-2.10.1-debughook.patch",
|
||||
"backport-freetype-2.12.1-enable-funcs.patch",
|
||||
"CVE-2026-23865.patch"
|
||||
"CVE-2026-23865.patch",
|
||||
"backport-truetype-signed-integer-overflow.patch"
|
||||
]
|
||||
|
||||
for patch in patch_file:
|
||||
|
||||
Reference in New Issue
Block a user