Commit | Line | Data |
---|---|---|
bc16eacc MW |
1 | Copied from Debian. |
2 | ||
3 | From: Carlos Garcia Campos <cgarcia@igalia.com> | |
4 | Date: Mon, 19 Nov 2018 12:33:07 +0100 | |
5 | Subject: ft: Use FT_Done_MM_Var instead of free when available in | |
6 | cairo_ft_apply_variations | |
7 | ||
8 | Fixes a crash when using freetype >= 2.9 | |
9 | ||
10 | [This is considered to be security-sensitive because WebKitGTK+ sets its | |
11 | own memory allocator, which is not compatible with system free(), making | |
12 | this a remotely triggerable denial of service or memory corruption.] | |
13 | ||
14 | Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645 | |
15 | Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5 | |
16 | Bug-Debian: https://bugs.debian.org/916389 | |
17 | Bug-CVE: CVE-2018-19876 | |
18 | --- | |
19 | src/cairo-ft-font.c | 4 ++++ | |
20 | 1 file changed, 4 insertions(+) | |
21 | ||
22 | diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c | |
23 | index 325dd61..981973f 100644 | |
24 | --- a/src/cairo-ft-font.c | |
25 | +++ b/src/cairo-ft-font.c | |
26 | @@ -2393,7 +2393,11 @@ skip: | |
27 | done: | |
28 | free (coords); | |
29 | free (current_coords); | |
30 | +#if HAVE_FT_DONE_MM_VAR | |
31 | + FT_Done_MM_Var (face->glyph->library, ft_mm_var); | |
32 | +#else | |
33 | free (ft_mm_var); | |
34 | +#endif | |
35 | } | |
36 | } | |
37 |