On Mon, Jul 13, 2015 at 02:43:06PM -0400, Benjamin Tissoires wrote:
> The fix for CVE-2015-1804 prevents DWIDTH from being negative.
> However, the spec states that "DWIDTH [...] is a vector indicating the
> position of the next glyph’s origin relative to the origin of this glyph."
>
> So negative values are correct.
>
> Found by trying to compile XTS.
>
> Signed-off-by: Benjamin Tissoires <[email protected]>

Reviewed-by: Peter Hutterer <[email protected]> Cheers, Peter > --- > src/bitmap/bdfread.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c > index a0ace8f..eccd7b7 100644 > --- a/src/bitmap/bdfread.c > +++ b/src/bitmap/bdfread.c > @@ -426,7 +426,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, > bdfFileState *pState, > goto BAILOUT; > } > /* xCharInfo metrics are stored as INT16 */ > - if ((wx < 0) || (wx > INT16_MAX)) { > + if ((wx < INT16_MIN) || (wx > INT16_MAX)) { > bdfError("character '%s' has out of range width, %d\n", > charName, wx); > goto BAILOUT; > -- > 2.4.3 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
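Review bot: The commit message justifies negative DWIDTH from the spec but does not say why loosening a check that came from the CVE-2015-1804 fix is still safe. At the changed condition in bdfReadCharacters(), `(wx < INT16_MIN) || (wx > INT16_MAX)`, it is worth stating in the message that the bound keeps wx within the INT16 range named in the comment just above ("xCharInfo metrics are stored as INT16"), so the value can still be stored without truncation, and that only the sign restriction is being dropped. Since this path handles untrusted font files, a regression test would help: one BDF glyph with a negative DWIDTH that now loads, and glyphs with DWIDTH just below INT16_MIN and just above INT16_MAX that still reach the bdfError() "out of range width" bailout.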
