diff --git a/freetype-2.12.0-cff_slot_load-segfault.patch b/freetype-2.12.0-cff_slot_load-segfault.patch
new file mode 100644
index 0000000..c0c1796
--- /dev/null
+++ b/freetype-2.12.0-cff_slot_load-segfault.patch
@@ -0,0 +1,32 @@
+From 978eefee5401abee6bf702c6bcde9afb47893145 Mon Sep 17 00:00:00 2001
+From: Georg Brandl
+Date: Tue, 12 Apr 2022 11:43:37 +0000
+Subject: [PATCH] * src/cff/cffgload.c (cff_slot_load) [FT_CONFIG_OPTION_SVG]:
+ Fix segfault.
+References: boo#1198497
+
+This can happen if the function is called with `size` being `NULL`.
+
+Fixes #1147.
+---
+ src/cff/cffgload.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
+index 5c15c804b..7586b886f 100644
+--- a/src/cff/cffgload.c
++++ b/src/cff/cffgload.c
+@@ -370,8 +370,8 @@
+ SFNT_Service sfnt;
+
+
+- if ( size->root.metrics.x_ppem < 1 ||
+- size->root.metrics.y_ppem < 1 )
++ if ( size && (size->root.metrics.x_ppem < 1 ||
++ size->root.metrics.y_ppem < 1 ) )
+ {
+ error = FT_THROW( Invalid_Size_Handle );
+ return error;
+--
+2.35.1
+
diff --git a/freetype2.changes b/freetype2.changes
index fca2325..d90bf0c 100644
--- a/freetype2.changes
+++ b/freetype2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Apr 15 17:07:44 UTC 2022 - Andreas Stieger
+
+- fix segfault in some applications boo#1198497
+ add freetype-2.12.0-cff_slot_load-segfault.patch
+
 -------------------------------------------------------------------
 Fri Apr 8 17:06:49 UTC 2022 - Dirk Müller
 
diff --git a/freetype2.spec b/freetype2.spec
index fd7774a..cac2977 100644
--- a/freetype2.spec
+++ b/freetype2.spec
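Review bot: In the embedded cffgload.c hunk, the new guard `if ( size && (size->root.metrics.x_ppem < 1 || ...` skips the ppem validation whenever `size` is NULL and lets the OT-SVG branch continue without a size object. The rest of that block lies outside the hunk, so it should be confirmed that nothing after the guard dereferences `size` or depends on the ppem values having been checked. A comment above the condition would record the intent, for example `/* `size` may be NULL here; validate ppem only when a size object exists */`. As a style point, the inner opening parenthesis lacks the space used everywhere else in the hunk; `if ( size && ( size->root.metrics.x_ppem < 1 ||` would match the surrounding `( ... )` convention.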
@@ -37,6 +37,7 @@ Patch1: don-t-mark-libpng-as-required-library.patch
 Patch2: enable-long-family-names-by-default.patch
 Patch3: enable-subpixel-rendering.patch
 Patch4: enable-infinality-subpixel-hinting.patch
+Patch5: freetype-2.12.0-cff_slot_load-segfault.patch
 BuildRequires: gawk
 BuildRequires: libbz2-devel
 BuildRequires: libpng-devel