r26413 - in /desktop/unstable/pango1.0/debian: changelog patches/01_CVE-2011-0020.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Mon Jan 24 20:41:27 UTC 2011
Author: joss
Date: Mon Jan 24 20:41:27 2011
New Revision: 26413
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=26413
Log:
01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap
corruption. Closes: #610792, CVE-2011-0020. LP: #696616.
Added:
desktop/unstable/pango1.0/debian/patches/01_CVE-2011-0020.patch
Modified:
desktop/unstable/pango1.0/debian/changelog
desktop/unstable/pango1.0/debian/patches/series
Modified: desktop/unstable/pango1.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/pango1.0/debian/changelog?rev=26413&op=diff
==============================================================================
--- desktop/unstable/pango1.0/debian/changelog [utf-8] (original)
+++ desktop/unstable/pango1.0/debian/changelog [utf-8] Mon Jan 24 20:41:27 2011
@@ -1,3 +1,10 @@
+pango1.0 (1.28.3-2) unstable; urgency=low
+
+ * 01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap
+ corruption. Closes: #610792, CVE-2011-0020. LP: #696616.
+
+ -- Josselin Mouette <joss at debian.org> Mon, 24 Jan 2011 21:39:46 +0100
+
pango1.0 (1.28.3-1) unstable; urgency=low
* New upstream stable release.
Added: desktop/unstable/pango1.0/debian/patches/01_CVE-2011-0020.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/pango1.0/debian/patches/01_CVE-2011-0020.patch?rev=26413&op=file
==============================================================================
--- desktop/unstable/pango1.0/debian/patches/01_CVE-2011-0020.patch (added)
+++ desktop/unstable/pango1.0/debian/patches/01_CVE-2011-0020.patch [utf-8] Mon Jan 24 20:41:27 2011
@@ -1,0 +1,47 @@
+CVE-2011-0020
+Debian #610792
+Launchpad #696616
+GNOME #639882
+
+diff --git a/pango/pangoft2-render.c b/pango/pangoft2-render.c
+index bd3b7d4..42923f4 100644
+--- a/pango/pangoft2-render.c
++++ b/pango/pangoft2-render.c
+@@ -121,9 +121,14 @@ pango_ft2_font_render_box_glyph (int width,
+
+ box->bitmap.width = width;
+ box->bitmap.rows = height;
+- box->bitmap.pitch = height;
++ box->bitmap.pitch = width;
+
+- box->bitmap.buffer = g_malloc0 (box->bitmap.rows * box->bitmap.pitch);
++ box->bitmap.buffer = g_malloc0_n (box->bitmap.rows, box->bitmap.pitch);
++
++ if (G_UNLIKELY (!box->bitmap.buffer)) {
++ g_slice_free (PangoFT2RenderedGlyph, box);
++ return NULL;
++ }
+
+ /* draw the box */
+ for (j = 0; j < line_width; j++)
+@@ -226,6 +231,11 @@ pango_ft2_font_render_glyph (PangoFont *font,
+ rendered->bitmap_left = face->glyph->bitmap_left;
+ rendered->bitmap_top = face->glyph->bitmap_top;
+
++ if (G_UNLIKELY (!rendered->bitmap.buffer)) {
++ g_slice_free (PangoFT2RenderedGlyph, rendered);
++ return NULL;
++ }
++
+ return rendered;
+ }
+ else
+@@ -276,6 +286,8 @@ pango_ft2_renderer_draw_glyph (PangoRenderer *renderer,
+ if (rendered_glyph == NULL)
+ {
+ rendered_glyph = pango_ft2_font_render_glyph (font, glyph);
++ if (rendered_glyph == NULL)
++ return;
+ add_glyph_to_cache = TRUE;
+ }
+
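Review bot: In the embedded `pango_ft2_font_render_box_glyph` hunk, the added `if (G_UNLIKELY (!box->bitmap.buffer))` cleanup is reachable only for a zero-byte request, because `g_malloc0_n` aborts the process on multiplication overflow or allocation failure rather than returning NULL. The `pitch = width` fix addresses the undersized buffer, but input that produces very large box dimensions would presumably still terminate the application instead of just failing the glyph render. If a graceful failure is intended, allocate with `box->bitmap.buffer = g_try_malloc0_n (box->bitmap.rows, box->bitmap.pitch);` so that the new NULL branch and the `rendered_glyph == NULL` return in `pango_ft2_renderer_draw_glyph` actually cover that case. The allocation that fills `rendered->bitmap.buffer` in `pango_ft2_font_render_glyph` lies outside the hunk, so its size computation should be checked the same way; all three function bodies continue beyond the lines shown.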
Modified: desktop/unstable/pango1.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/pango1.0/debian/patches/series?rev=26413&op=diff
==============================================================================
--- desktop/unstable/pango1.0/debian/patches/series [utf-8] (original)
+++ desktop/unstable/pango1.0/debian/patches/series [utf-8] Mon Jan 24 20:41:27 2011
@@ -1,3 +1,4 @@
+01_CVE-2011-0020.patch
10_scan-module-files-in-dirs.patch
11_module-files-append-module-files-d.patch
12_module-files-append-compat-module-files-d.patch