From 13db0fa82f247b8811e8462f7ca3d4b096ea98a6a3000fd3c1954ae613d97359 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Lie?=
Date: Tue, 24 Jul 2018 09:36:02 +0000
Subject: [PATCH] Add upstream patch

OBS-URL: https://build.opensuse.org/package/show/M17N/woff2?expand=0&rev=8
---
 woff2-fix-overflow-when-decoding-glyf.patch | 47 +++++++++++++++++++++
 woff2.changes | 2 +
 woff2.spec | 4 +-
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 woff2-fix-overflow-when-decoding-glyf.patch

diff --git a/woff2-fix-overflow-when-decoding-glyf.patch b/woff2-fix-overflow-when-decoding-glyf.patch
new file mode 100644
index 0000000..31c10a4
--- /dev/null
+++ b/woff2-fix-overflow-when-decoding-glyf.patch
@@ -0,0 +1,47 @@
+From 3831354113db8803fb1f5ba196cf0bbb537578dd Mon Sep 17 00:00:00 2001
+From: Garret Rieger
+Date: Thu, 31 May 2018 17:54:06 -0700
+Subject: [PATCH] [subset] Check for overflow when decoding glyf.
+
+---
+ src/woff2_dec.cc | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/src/woff2_dec.cc b/src/woff2_dec.cc
+index 8186c8e..25e18c6 100644
+--- a/src/woff2_dec.cc
++++ b/src/woff2_dec.cc
+@@ -111,6 +111,16 @@ int WithSign(int flag, int baseval) {
+ return (flag & 1) ? baseval : -baseval;
+ }
+
++bool _SafeIntAddition(int a, int b, int* result) {
++ if (PREDICT_FALSE(
++ ((a > 0) && (b > std::numeric_limits::max() - a)) ||
++ ((a < 0) && (b < std::numeric_limits::min() - a)))) {
++ return false;
++ }
++ *result = a + b;
++ return true;
++}
++
+ bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size,
+ unsigned int n_points, Point* result, size_t* in_bytes_consumed) {
+ int x = 0;
+@@ -166,9 +176,12 @@ bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size,
+ (in[triplet_index + 2] << 8) + in[triplet_index + 3]);
+ }
+ triplet_index += n_data_bytes;
+- // Possible overflow but coordinate values are not security sensitive
+- x += dx;
+- y += dy;
++ if (!_SafeIntAddition(x, dx, &x)) {
++ return false;
++ }
++ if (!_SafeIntAddition(y, dy, &y)) {
++ return false;
++ }
+ *result++ = {x, y, on_curve};
+ }
+ *in_bytes_consumed = triplet_index;
+
diff --git a/woff2.changes b/woff2.changes
index 465025e..c57bcc1 100644
--- a/woff2.changes
+++ b/woff2.changes
@@ -1,6 +1,8 @@
 -------------------------------------------------------------------
 Tue Jul 24 08:57:10 UTC 2018 - bjorn.lie@gmail.com
 
+- Add woff2-fix-overflow-when-decoding-glyf.patch: Check for
+ overflow when decoding glyf.
 - Add libwoff2dec1_0_2 and libwoff2enc1_0_2 to baselibs.conf too.
 
 -------------------------------------------------------------------
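Review bot: The helper that the embedded patch adds to src/woff2_dec.cc is named `_SafeIntAddition`, and in C++ an identifier beginning with an underscore followed by a capital letter is reserved for the implementation; `SafeIntAddition` would avoid that. The helper also uses `std::numeric_limits`, but the patch adds no `#include <limits>`, so the build relies on woff2_dec.cc already pulling that header in, which these hunks do not show. A one-line contract above the helper would help readers of the decoder, e.g. `// Stores a + b in *result and returns true; returns false and leaves *result unchanged if the sum would overflow int.` As shown on this page the calls read `std::numeric_limits::max()` with no template argument, presumably `<int>` lost in rendering, so the patch file should be compared with the upstream commit before it is applied. TripletDecode begins and ends outside the inner hunks.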
diff --git a/woff2.spec b/woff2.spec
index 5aafdac..7ee4229 100644
--- a/woff2.spec
+++ b/woff2.spec
@@ -27,6 +27,8 @@ Group: Development/Libraries/C and C++
 URL: https://github.com/google/woff2
 Source0: https://github.com/google/woff2/archive/v%{version}/%{name}-%{version}.tar.gz
 Source99: baselibs.conf
+# PATCH-FIX-UPSTREAM woff2-fix-overflow-when-decoding-glyf.patch -- Check for overflow when decoding glyf
+Patch0: woff2-fix-overflow-when-decoding-glyf.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
 
@@ -97,7 +99,7 @@ efficiently package fonts linked to Web documents by means of CSS
 This package contains development files for %{name}.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 %cmake \
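Review bot: The `# PATCH-FIX-UPSTREAM` comment added above `Patch0` does not name the upstream commit or a tracker entry, so someone auditing the spec cannot tell which upstream change this integer-overflow fix corresponds to without opening the patch file. The commit id is already carried in the patch header and could be repeated here, e.g. `# PATCH-FIX-UPSTREAM woff2-fix-overflow-when-decoding-glyf.patch -- Check for overflow when decoding glyf (google/woff2 commit 3831354113db)`. The same reference would be useful in the woff2.changes entry, so the fix can be matched to upstream when the package is next rebased.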