Accepting request 356012 from M17N

- do not crash on invalid input data (when eof reached) [bsc#963023] + fontforge-eof-crash.patch OBS-URL: https://build.opensuse.org/request/show/356012 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fontforge?expand=0&rev=43
2016-01-30 10:31:13 +00:00 · 2016-01-30 10:31:13 +00:00 · 54f2fe3ae0
commit 54f2fe3ae0
parent 40e3328f8e dd8e6dedab
3 changed files with 26 additions and 1 deletions
--- a/fontforge-eof-crash.patch
+++ b/fontforge-eof-crash.patch
@ -0,0 +1,16 @@
+Index: fontforge/parsettf.c
+===================================================================
+--- fontforge/parsettf.c.orig	2016-01-26 09:01:44.025472518 +0100
+++ fontforge/parsettf.c	2016-01-26 09:04:24.853470665 +0100
+@@ -5185,7 +5185,10 @@
+ 	    /* the index table is backwards from the way I want to use it */
+ 	    gcbig = 0;
+ 	    for ( i=0; i<gc; ++i ) {
+-		indexes[val = getushort(ttf)] = i;
+		val = getushort(ttf);
+		if ( val<0 )            /* Don't crash on EOF */
+	    break;
+		indexes[val] = i;
+ 		if ( val>=258 ) ++gcbig;
+ 	    }
+ 
--- a/fontforge.changes
+++ b/fontforge.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jan 26 08:10:44 UTC 2016 - pgajdos@suse.com
+
+- do not crash on invalid input data (when eof reached) [bsc#963023]
+  + fontforge-eof-crash.patch
+
 -------------------------------------------------------------------
 Wed Dec 16 14:03:36 UTC 2015 - pgajdos@suse.com

--- a/fontforge.spec
+++ b/fontforge.spec
@ -1,7 +1,7 @@
 #
 # spec file for package fontforge
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -32,6 +32,8 @@ Patch0:         propagate-creation-and-modification-times-to-ttf.patch
 # workardound for bug 930076, imho upstream should fix this
 # https://github.com/fontforge/fontforge/issues/2270
 Patch1:         fontforge-version.patch
+# https://github.com/fontforge/fontforge/pull/2613, bsc#963023
+Patch2:         fontforge-eof-crash.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  cairo-devel
@ -99,6 +101,7 @@ to develop applications that use FontForge libraries.
 %setup -q
 %patch0 -p1
 %patch1
+%patch2
 sed -i 's/\r$//' doc/html/{Big5.txt,corpchar.txt}
 # workaround for bug 930076; we just need the _version_of_the_release_! (see also fontforge-version.patch) ---
 grep 'doversion(FONTFORGE_MODTIME_STR)' fontforgeexe/startnoui.c && \