--- /dev/null
+From 048a91e2682c1a8936ae34dbc7bd70291ec05410 Mon Sep 17 00:00:00 2001
+From: Skef Iterum <unknown>
+Date: Mon, 6 Jan 2020 03:05:06 -0800
+Subject: [PATCH] Fix for #4084 Use-after-free (heap) in the
+ SFD_GetFontMetaData() function Fix for #4086 NULL pointer dereference in the
+ SFDGetSpiros() function Fix for #4088 NULL pointer dereference in the
+ SFD_AssignLookups() function Add empty sf->fontname string if it isn't set,
+ fixing #4089 #4090 and many other potential issues (many downstream calls
+ to strlen() on the value).
+
+---
+ fontforge/sfd.c | 19 ++++++++++++++-----
+ fontforge/sfd1.c | 2 +-
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/fontforge/sfd.c b/fontforge/sfd.c
+index 731be201e0..e8ca39ba83 100644
+--- a/fontforge/sfd.c
++++ b/fontforge/sfd.c
+@@ -4032,13 +4032,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) {
+ while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) {
+ if ( cur!=NULL ) {
+ if ( cur->spiro_cnt>=cur->spiro_max )
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp));
++ cur->spiros = realloc(cur->spiros,
++ (cur->spiro_max+=10)*sizeof(spiro_cp));
+ cur->spiros[cur->spiro_cnt++] = cp;
+ }
+ }
+- if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) {
++ if ( cur!=NULL && cur->spiro_cnt>0
++ && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) {
+ if ( cur->spiro_cnt>=cur->spiro_max )
+- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp));
++ cur->spiros = realloc(cur->spiros,
++ (cur->spiro_max+=1)*sizeof(spiro_cp));
+ memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp));
+ cur->spiros[cur->spiro_cnt++].ty = SPIRO_END;
+ }
+@@ -7992,10 +7995,12 @@ bool SFD_GetFontMetaData( FILE *sfd,
+ else if ( strmatch(tok,"LayerCount:")==0 )
+ {
+ d->had_layer_cnt = true;
+- getint(sfd,&sf->layer_cnt);
+- if ( sf->layer_cnt>2 ) {
++ int layer_cnt_tmp;
++ getint(sfd,&layer_cnt_tmp);
++ if ( layer_cnt_tmp>2 ) {
+ sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo));
+ memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo));
++ sf->layer_cnt = layer_cnt_tmp;
+ }
+ }
+ else if ( strmatch(tok,"Layer:")==0 )
+@@ -8948,6 +8953,10 @@ exit( 1 );
+ }
+ }
+
++ // Many downstream functions assume this isn't NULL (use strlen, etc.)
++ if ( sf->fontname==NULL)
++ sf->fontname = copy("");
++
+ if ( fromdir )
+ sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt);
+ else if ( sf->subfontcnt!=0 ) {
+diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c
+index cf931059d0..b42f832678 100644
+--- a/fontforge/sfd1.c
++++ b/fontforge/sfd1.c
+@@ -674,7 +674,7 @@ void SFD_AssignLookups(SplineFont1 *sf) {
+
+ /* Fix up some gunk from really old versions of the sfd format */
+ SFDCleanupAnchorClasses(&sf->sf);
+- if ( sf->sf.uni_interp==ui_unset )
++ if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL )
+ sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none);
+
+ /* Fixup for an old bug */
--- /dev/null
+# Copyright 2004-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_{6,7}} )
+
+inherit python-single-r1 xdg
+
+DESCRIPTION="postscript font editor and converter"
+HOMEPAGE="http://fontforge.github.io/"
+SRC_URI="https://github.com/fontforge/fontforge/releases/download/${PV}/fontforge-${PV}.tar.gz"
+
+LICENSE="BSD GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="cairo truetype-debugger gif gtk jpeg png +python readline test tiff svg unicode X"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+ cairo? ( png )
+ gtk? ( cairo )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ test? ( png python )
+"
+
+RDEPEND="
+ dev-libs/glib
+ dev-libs/libltdl:0
+ dev-libs/libxml2:2=
+ >=media-libs/freetype-2.3.7:2=
+ cairo? (
+ >=x11-libs/cairo-1.6:0=
+ x11-libs/pango:0=
+ )
+ gif? ( media-libs/giflib:0= )
+ jpeg? ( virtual/jpeg:0 )
+ png? ( media-libs/libpng:0= )
+ tiff? ( media-libs/tiff:0= )
+ truetype-debugger? ( >=media-libs/freetype-2.3.8:2[fontforge,-bindist(-)] )
+ gtk? ( >=x11-libs/gtk+-3.10:3 )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ unicode? ( media-libs/libuninameslist:0= )
+ X? (
+ x11-libs/libX11:0=
+ x11-libs/libXi:0=
+ >=x11-libs/pango-1.10:0=[X]
+ )
+ !media-gfx/pfaedit
+"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )
+"
+BDEPEND="
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+
+# Needs keywording on many arches.
+# zeromq? (
+# >=net-libs/czmq-2.2.0:0=
+# >=net-libs/zeromq-4.0.4:0=
+# )
+
+PATCHES=(
+ "${FILESDIR}"/20170731-gethex-unaligned.patch
+ "${FILESDIR}"/CVE-2020-5395.patch
+)
+
+pkg_setup() {
+ use python && python-single-r1_pkg_setup
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-static
+ $(use_enable truetype-debugger freetype-debugger "${EPREFIX}/usr/include/freetype2/internal4fontforge")
+ $(use_enable python python-extension)
+ $(use_enable python python-scripting)
+ --enable-tile-path
+ $(use_with cairo)
+ $(use_with gif giflib)
+ $(use_with jpeg libjpeg)
+ $(use_with png libpng)
+ $(use_with readline libreadline)
+ --without-libspiro
+ $(use_with tiff libtiff)
+ $(use_with unicode libuninameslist)
+ $(use_with X x)
+ )
+ if use gtk; then
+ # broken AC_ARG_ENABLE usage
+ # https://bugs.gentoo.org/681550
+ myeconfargs+=( --enable-gdk=gdk3 )
+ fi
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ docompress -x /usr/share/doc/${PF}/html
+ einstalldocs
+ find "${ED}" -name '*.la' -type f -delete || die
+}
projects / gentoo.git / commitdiff