Your message dated Tue, 25 Mar 2025 17:21:18 +0000
with message-id <[email protected]>
and subject line Bug#785795: fixed in sfnt2woff-zopfli 1.3.1-2
has caused the Debian Bug report #785795,
regarding sfnt2woff: out-of-bounds read
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
785795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785795
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: woff-tools
Version: 2009.10.04-1
Usertags: afl

sfnt2woff crashes on the attached file:

$ sfnt2woff crash.otf
Segmentation fault


GDB says it's an out-of-bound read:

Program received signal SIGSEGV, Segmentation fault.
0x0804964e in woffEncode (sfntData=0x804e170 "OTTO", sfntLen=2088, 
majorVersion=0, minorVersion=0, woffLen=0xffffd700, pStatus=0xffffd708) at woff.c:197
197         if (checkSumAdjustment != READ32BE(head->checkSumAdjustment)) {
(gdb) print head->checkSumAdjustment
Cannot access memory at address 0xd980e934
(gdb) bt
#0  0x0804964e in woffEncode (sfntData=0x804e170 "OTTO", sfntLen=2088, 
majorVersion=0, minorVersion=0, woffLen=0xffffd700, pStatus=0xffffd708) at woff.c:197
#1  0x08048cd8 in main (argc=1, argv=0xffffd808) at sfnt2woff.c:143


I guess the root cause is lack of bounds check in woff.c:180:

     head = (const sfntHeadTable *)(sfntData +
                                    READ32BE(sfntDir[tableIndex].offset));


This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Debian Release: stretch/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages woff-tools depends on:
ii  libc6   2.19-18
ii  zlib1g  1:1.2.8.dfsg-2+b1

--
Jakub Wilk

Attachment: crash.otf
Description: application/font-sfnt


--- End Message ---
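
The missing check described in the report above, as an added example (not code from woff.c or from the Debian patch): a table offset read from the sfnt directory is validated against the buffer length before the head table is dereferenced. The names head_checksum_adjustment, rd32be and make_sample are hypothetical, and the 82-byte font is constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SFNT_HEADER_LEN 12u  /* version, numTables, searchRange, ... */
#define SFNT_DIRENT_LEN 16u  /* tag, checksum, offset, length */
#define HEAD_MIN_LEN    12u  /* bytes up to and including checkSumAdjustment */

static uint32_t rd32be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and stores head.checkSumAdjustment in *out, or -1 if the
 * directory or the 'head' entry points outside the len-byte buffer. */
int head_checksum_adjustment(const uint8_t *data, size_t len, uint32_t *out) {
    if (len < SFNT_HEADER_LEN) return -1;
    size_t num_tables = ((size_t)data[4] << 8) | data[5];
    /* The directory itself must fit before any entry is read. */
    if (num_tables > (len - SFNT_HEADER_LEN) / SFNT_DIRENT_LEN) return -1;
    for (size_t i = 0; i < num_tables; i++) {
        const uint8_t *ent = data + SFNT_HEADER_LEN + i * SFNT_DIRENT_LEN;
        if (memcmp(ent, "head", 4) != 0) continue;
        uint32_t off = rd32be(ent + 8), tlen = rd32be(ent + 12);
        /* Compare against the remaining space so off + tlen cannot wrap. */
        if (off > len || tlen > len - off || tlen < HEAD_MIN_LEN) return -1;
        *out = rd32be(data + off + 8);
        return 0;
    }
    return -1; /* no 'head' table */
}

/* Constructed sample: one-table "OTTO" font whose 'head' directory entry
 * carries the given offset; the real table sits at offset 28. */
size_t make_sample(uint8_t buf[82], uint32_t head_off) {
    memset(buf, 0, 82);
    memcpy(buf, "OTTO", 4);
    buf[5] = 1;                                   /* numTables = 1 */
    memcpy(buf + 12, "head", 4);
    buf[20] = (uint8_t)(head_off >> 24);
    buf[21] = (uint8_t)(head_off >> 16);
    buf[22] = (uint8_t)(head_off >> 8);
    buf[23] = (uint8_t)head_off;
    buf[27] = 54;                                 /* table length = 54 */
    memcpy(buf + 36, "\xB1\xB0\xAF\xBA", 4);      /* checkSumAdjustment */
    return 82;
}
```
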
--- Begin Message ---
Source: sfnt2woff-zopfli
Source-Version: 1.3.1-2
Done: Bastian Germann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sfnt2woff-zopfli, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated sfnt2woff-zopfli package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Mar 2025 18:04:23 +0100
Source: sfnt2woff-zopfli
Architecture: source
Version: 1.3.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Fonts Task Force <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 785795 1091283
Changes:
 sfnt2woff-zopfli (1.3.1-2) unstable; urgency=medium
 .
   * Team upload
   * Conform to the types of ZopfliCompress API (Closes: #1091283)
 .
   [ наб ]
   * d/rules: replace override_dh_auto_install with d/sfnt2woff-zopfli.install
   * Provide bin:woff-tools as a transitional package,
     with compat links in sfnt2woff-zopfli
   * Rebase patches from src:woff-tools
   * Fix segfault due to out-of-bounds read (Closes: #785795)
   * Link to system zopfli instead of building embedded copy


--- End Message ---
