Hello community, here is the log from the commit of package woff2 for openSUSE:Factory checked in at 2018-07-28 12:38:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/woff2 (Old) and /work/SRC/openSUSE:Factory/.woff2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "woff2" Sat Jul 28 12:38:27 2018 rev:3 rq:624988 version:1.0.2 Changes: --------
--- /work/SRC/openSUSE:Factory/woff2/woff2.changes 2018-07-18 22:35:35.482609953 +0200
+++ /work/SRC/openSUSE:Factory/.woff2.new/woff2.changes 2018-07-28 12:38:29.452205423 +0200
@@ -1,0 +2,7 @@
+Tue Jul 24 08:57:10 UTC 2018 - [email protected]
+
+- Add woff2-fix-overflow-when-decoding-glyf.patch: Check for
+ overflow when decoding glyf.
+- Add libwoff2dec1_0_2 and libwoff2enc1_0_2 to baselibs.conf too.
+
+-------------------------------------------------------------------
New: ---- woff2-fix-overflow-when-decoding-glyf.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ woff2.spec ++++++
--- /var/tmp/diff_new_pack.o5UaQs/_old 2018-07-28 12:38:30.096206660 +0200
+++ /var/tmp/diff_new_pack.o5UaQs/_new 2018-07-28 12:38:30.100206667 +0200
@@ -27,6 +27,8 @@
 URL: https://github.com/google/woff2
 Source0: https://github.com/google/woff2/archive/v%{version}/%{name}-%{version}.tar.gz
 Source99: baselibs.conf
+# PATCH-FIX-UPSTREAM woff2-fix-overflow-when-decoding-glyf.patch -- Check for overflow when decoding glyf
+Patch0: woff2-fix-overflow-when-decoding-glyf.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
@@ -97,7 +99,7 @@
 This package contains development files for %{name}.
 %prep
-%autosetup
+%autosetup -p1
 %build
 %cmake \
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.o5UaQs/_old 2018-07-28 12:38:30.128206721 +0200
+++ /var/tmp/diff_new_pack.o5UaQs/_new 2018-07-28 12:38:30.128206721 +0200
@@ -1 +1,3 @@
 libwoff2common1_0_2
+libwoff2dec1_0_2
+libwoff2enc1_0_2
++++++ woff2-fix-overflow-when-decoding-glyf.patch ++++++
>From 3831354113db8803fb1f5ba196cf0bbb537578dd Mon Sep 17 00:00:00 2001
From: Garret Rieger <[email protected]>
Date: Thu, 31 May 2018 17:54:06 -0700
Subject: [PATCH] [subset] Check for overflow when decoding glyf.
---
 src/woff2_dec.cc | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/woff2_dec.cc b/src/woff2_dec.cc
index 8186c8e..25e18c6 100644
--- a/src/woff2_dec.cc
+++ b/src/woff2_dec.cc
@@ -111,6 +111,16 @@ int WithSign(int flag, int baseval) {
 return (flag & 1) ? baseval : -baseval;
 }
+bool _SafeIntAddition(int a, int b, int* result) {
+ if (PREDICT_FALSE(
+ ((a > 0) && (b > std::numeric_limits<int>::max() - a)) ||
+ ((a < 0) && (b < std::numeric_limits<int>::min() - a)))) {
+ return false;
+ }
+ *result = a + b;
+ return true;
+}
+
 bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size,
 unsigned int n_points, Point* result, size_t* in_bytes_consumed) {
 int x = 0;
@@ -166,9 +176,12 @@ bool TripletDecode(const uint8_t* flags_in, const uint8_t* in, size_t in_size,
 (in[triplet_index + 2] << 8) + in[triplet_index + 3]);
 }
 triplet_index += n_data_bytes;
- // Possible overflow but coordinate values are not security sensitive
- x += dx;
- y += dy;
+ if (!_SafeIntAddition(x, dx, &x)) {
+ return false;
+ }
+ if (!_SafeIntAddition(y, dy, &y)) {
+ return false;
+ }
 *result++ = {x, y, on_curve};
 }
 *in_bytes_consumed = triplet_index;
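Review bot: The new helper's name `_SafeIntAddition` starts with an underscore followed by an uppercase letter, a form the C++ standard reserves for the implementation in every scope, so it should be renamed, e.g. `bool SafeIntAddition(int a, int b, int* result) {`, with the two call sites in the TripletDecode hunk updated to match. The bounds test reads correctly for both signs of `a` and is evaluated before `a + b`, which is what keeps the signed addition defined. It depends on `std::numeric_limits`, and the patch adds no `#include <limits>` (the diffstat's 16 insertions are all accounted for by the two hunks), so confirm the file already includes that header directly rather than through another header. A one-line contract comment would help: `// Stores a + b in *result and returns true; returns false if the sum would overflow int.`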
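Review bot: The checks added around `x` and `y` in TripletDecode's loop only bound the running coordinates to the full `int` range, so untrusted glyph data can still drive them far outside the 16-bit range that glyf coordinates occupy. Any later arithmetic on the decoded points (for example differences between consecutive points or a bounding-box computation) is outside this hunk and, if it exists, would need its own overflow reasoning; that part is inferred and should be confirmed against the rest of the file. If the format allows it, rejecting values outside the representable coordinate range at this point would be a tighter invariant than INT_MAX/INT_MIN. The removed comment recorded the old decision, so a replacement such as `// Reject the glyph on signed overflow instead of wrapping (undefined behaviour).` would keep the rationale next to the code. The function body starts and ends outside the hunk, so also check that callers treat the new `false` return as a decode failure.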
