Skip to content
Permalink
Browse files

fribidi: fix CVE-2019-18397 - Stack buffer overflow

  • Loading branch information...
ra1nb0w authored and mf2k committed Nov 8, 2019
1 parent ab8f2c0 commit 9b015e933c3aeacf42833a2052550608acd8f13c
Showing with 30 additions and 2 deletions.
  1. +6 −2 textproc/fribidi/Portfile
  2. +24 −0 textproc/fribidi/files/CVE-2019-18397.patch
@@ -4,7 +4,7 @@ PortSystem 1.0

PortGroup github 1.0
github.setup fribidi fribidi 1.0.7 v
revision 0
revision 1

categories textproc
license LGPL-2.1+
@@ -28,7 +28,11 @@ depends_build port:pkgconfig
use_autoreconf yes
autoreconf.args -fvi

patchfiles gen.tab_Makefile.am.patch
# remove CVE-2019-18397.patch with the next release
patchfiles \
gen.tab_Makefile.am.patch \
CVE-2019-18397.patch

post-patch {
# git.mk seems to trigger a ./config.status --recheck, which is unnecessary
# and additionally fails due to quoting
@@ -0,0 +1,24 @@
From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001
From: Dov Grobgeld <dov.grobgeld@gmail.com>
Date: Thu, 24 Oct 2019 09:37:29 +0300
Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL

---
lib/fribidi-bidi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
index 6c84392..d384878 100644
--- lib/fribidi-bidi.c
+++ lib/fribidi-bidi.c
@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
}

RL_LEVEL (pp) = level;
- RL_ISOLATE_LEVEL (pp) = isolate_level++;
+ RL_ISOLATE_LEVEL (pp) = isolate_level;
+ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
+ isolate_level++;
base_level_per_iso_level[isolate_level] = new_level;

if (!FRIBIDI_IS_NEUTRAL (override))

0 comments on commit 9b015e9

Please sign in to comment.
You can’t perform that action at this time.