[PATCH:libXfont] bdfReadCharacters: Allow negative DWIDTH values

Peter Hutterer peter.hutterer at who-t.net
Tue Jul 14 11:37:24 PDT 2015


On Mon, Jul 13, 2015 at 02:43:06PM -0400, Benjamin Tissoires wrote:
> The fix for CVE-2015-1804 prevents DWIDTH from being negative.
> However, the spec states that "DWIDTH [...] is a vector indicating the
> position of the next glyph’s origin relative to the origin of this glyph."
> 
> So negative values are correct.
> 
> Found by trying to compile XTS.
> 
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>

Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>

Cheers,
   Peter

> ---
>  src/bitmap/bdfread.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
> index a0ace8f..eccd7b7 100644
> --- a/src/bitmap/bdfread.c
> +++ b/src/bitmap/bdfread.c
> @@ -426,7 +426,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
>  	    goto BAILOUT;
>  	}
>  	/* xCharInfo metrics are stored as INT16 */
> -	if ((wx < 0) || (wx > INT16_MAX)) {
> +	if ((wx < INT16_MIN) || (wx > INT16_MAX)) {
>  	    bdfError("character '%s' has out of range width, %d\n",
>  		     charName, wx);
>  	    goto BAILOUT;
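Review bot: The comment above the changed check still says only that xCharInfo metrics are stored as INT16, so nothing in the code records why a negative wx is now accepted. Since the old lower bound of 0 came from the CVE-2015-1804 fix, extend that comment to say DWIDTH is a vector and may be negative per the BDF spec, so a later hardening pass does not restore (wx < 0). The visible lines also do not show how the stored width is used after this check, so it is worth confirming that no consumer relies on it being non-negative.
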
> -- 
> 2.4.3

