[PATCH:libXfont] bdfReadCharacters: Allow negative DWIDTH values
Benjamin Tissoires
benjamin.tissoires at gmail.com
Mon Jul 13 11:43:06 PDT 2015
The fix for CVE-2015-1804 prevent DWIDTH to be negative.
However, the spec states that "DWIDTH [...] is a vector indicating the
position of the next glyph’s origin relative to the origin of this glyph."
So negative values are correct.
Found by trying to compile XTS.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>
---
src/bitmap/bdfread.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
index a0ace8f..eccd7b7 100644
--- a/src/bitmap/bdfread.c
+++ b/src/bitmap/bdfread.c
@@ -426,7 +426,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
goto BAILOUT;
}
/* xCharInfo metrics are stored as INT16 */
- if ((wx < 0) || (wx > INT16_MAX)) {
+ if ((wx < INT16_MIN) || (wx > INT16_MAX)) {
bdfError("character '%s' has out of range width, %d\n",
charName, wx);
goto BAILOUT;
--
2.4.3
More information about the xorg-devel
mailing list