Signed-off-by: Nathan Owens <ndowens04@gmail.com>
Showing
2 changed files
with
64 additions
and
1 deletion.
@@ -0,0 +1,63 @@ | ||
From 35233450c922787dad42321e359e5229ff470a1e Mon Sep 17 00:00:00 2001 | ||
From: Joe Da Silva <digital@joescat.com> | ||
Date: Sat, 21 Dec 2019 13:10:22 -0800 | ||
Subject: [PATCH] CVE-2019-19847, Stack-based buffer overflow in the | ||
spiro_to_bpath0() | ||
|
||
Frederic Cambus (@fcambus) discovered a bug in call-test.c using: | ||
./configure CFLAGS="-fsanitize=address" | ||
make | ||
./tests/call-test[14,15,16,17,18,19] | ||
Fredrick Brennan (@ctrlcctrlv) provided bugfix. See issue #21 | ||
--- | ||
configure.ac | 7 ++++++- | ||
tests/call-test.c | 4 ++-- | ||
3 files changed, 10 insertions(+), 3 deletions(-) | ||
|
||
diff --git configure.ac configure.ac | ||
index 8a44d04..e77ce17 100644 | ||
--- configure.ac | ||
+++ configure.ac | ||
@@ -50,7 +50,7 @@ m4_define([spiro_age], [0]) | ||
m4_define([spiro_libver],[spiro_current:spiro_revision:spiro_age]) | ||
|
||
m4_define([spiro_package_name], [libspiro]) | ||
- | ||
+ | ||
AC_INIT([spiro],[spiro_package_stamp],[fontforge-devel@lists.sourceforge.net], | ||
[spiro_package_name],[https://github.com/fontforge/libspiro]) | ||
|
||
@@ -236,6 +236,11 @@ dnl AX_CHECK_COMPILE_FLAG([-Wcast-qual],[WCFLAGS="$WCFLAGS -Wcast-qual"]) | ||
dnl AX_CHECK_COMPILE_FLAG([-Wcast-align],[WCFLAGS="$WCFLAGS -Wcast-align"]) | ||
dnl AX_CHECK_COMPILE_FLAG([-Wpadded],[WCFLAGS="$WCFLAGS -Wpadded"]) | ||
dnl AX_CHECK_COMPILE_FLAG([-Woverlength-strings],[WCFLAGS="$WCFLAGS -Woverlength-strings"]) | ||
+ | ||
+dnl NOTE: -fsanitize has to be first library | ||
+dnl and will also conflict with other checks | ||
+dnl like valgrind due to similar test checks | ||
+dnl AX_CHECK_COMPILE_FLAG([-fsanitize=address],[CFLAGS=" -fsanitize=address $CFLAGS"]) | ||
AC_LANG_POP | ||
# Skip if replacing with LS_LIB instead. | ||
WLSLIB="" | ||
diff --git tests/call-test.c tests/call-test.c | ||
index c27d41a..76ee12d 100644 | ||
--- tests/call-test.c | ||
+++ tests/call-test.c | ||
@@ -536,7 +536,7 @@ bezctx *new_bezctx_test(void) { | ||
int test_curve(int c) { | ||
spiro_cp spiro[16]; | ||
int nextknot[17]; | ||
- double d[5]; | ||
+ double d[6]; | ||
spiro_seg *segs = NULL; | ||
bezctx *bc; | ||
rs_check_vals *rsp; | ||
@@ -545,7 +545,7 @@ int test_curve(int c) { | ||
/* Load sample data so that we can see if library is callable */ | ||
load_test_curve(spiro,nextknot,c); | ||
|
||
- d[0] = 1.; d[1] = d[1] = 0.; | ||
+ d[0] = 1.; d[1] = d[2] = 0.; | ||
#if defined(DO_CALL_TEST20) | ||
/* check if spiro values are reversed correctly on input path */ | ||
printf("---\ntesting spiroreverse() using data=path%d[].\n",c); |
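Review bot: The two configure.ac hunks in this patch file appear to change only whitespace and add `dnl` comment lines, yet touching configure.ac can make the build try to regenerate the autotools output, so I would drop them and keep only the tests/call-test.c hunks. The effective change for CVE-2019-19847 in the visible lines is `double d[6];` and `d[1] = d[2] = 0.;` in test_curve(), which is in the test program rather than in library code; that is worth stating in the patch header, for example `Fix is confined to tests/call-test.c; no library source is changed by the hunks in this file.` The embedded diffstat says `3 files changed, 10 insertions(+), 3 deletions(-)` while listing only two files, which suggests a hunk was removed by hand, so the header should be regenerated or the trimming noted. test_curve() continues past the end of the patch, so whether d[3] to d[5] are assigned before use cannot be checked from here.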