[Fontconfig-bugs] [Bug 96676] New: Check range of FcWeightFromOpenType argument.
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Jun 25 17:14:15 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=96676
Bug ID: 96676
Summary: Check range of FcWeightFromOpenType argument.
Product: fontconfig
Version: 2.11
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: library
Assignee: fontconfig-bugs at lists.freedesktop.org
Reporter: tobias at stoeckmann.org
QA Contact: freedesktop at behdad.org
Created attachment 124719
--> https://bugs.freedesktop.org/attachment.cgi?id=124719&action=edit
patch to fix this issue
The argument to FcWeightToOpenType is already properly upper bounded,
but the same check should be done in FcWeightFromOpenType, too.
This fixes an out of boundary access while iterating over array on
malicious font input.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/fontconfig-bugs/attachments/20160625/b23a65fd/attachment.html>
More information about the Fontconfig-bugs
mailing list