Re: [ft-devel] Fix for CVE-2010-3311

[İsmail Dönmez]

Hi;

On Fri, Jun 24, 2011 at 6:11 PM, Werner LEMBERG <address@hidden> wrote:

> I am trying to audit our local patches to freetype2 in openSUSE to
> reduce the number of patches we apply. I noticed that fix for
> CVE-2010-3311 [0] is not applied to upstream freetype source.
> Attached is the fix for the issue with the demo CFF file.
>
> It would be nice to get this fixed so we can drop this patch.
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311

Hmm, in

 https://bugzilla.redhat.com/show_bug.cgi?id=623625

I read this:

 Affected versions: freetype-2.3 and before that.  Latest upstream
 version (2.4) is not affected.

Actually, I remember this CVE...  And indeed, comment #39 says:

 The following upstream commit fixes this problem in freetype 2.4.x:

 commit 75787c19eab20874c5d588842c52e59cfbd9302a
 Author: Werner Lemberg <address@hidden>
 Date:   Sat Jun 26 09:24:08 2010 +0200

   Add some memory checks (mainly for debugging).

   * src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
   if the frame size is larger than the stream size.

   * src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
   seeking a position larger than the stream size.

:-)

Very nice, another useless patch to drop. Thanks!

ismail