Mercurial Mercurial > upstream > oracle > spec-files / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Committing changes for the CR 7032373 s11express-2010-11 OSE1011_SRU10_04
authoran230044
Fri, 29 Jul 2011 10:06:54 +0000
branchs11express-2010-11
changeset 22041 3e6da9caa465
parent 21988 24fa7bd94af7
child 22072 7ba75a03f8b2
Committing changes for the CR 7032373
base-specs/pango.spec file | annotate | diff | comparison | revisions
patches/pango-06-CVE-2011-0020.diff file | annotate | diff | comparison | revisions 
--- a/base-specs/pango.spec	Mon Jul 18 05:42:15 2011 +0000
+++ b/base-specs/pango.spec	Fri Jul 29 10:06:54 2011 +0000
@@ -35,6 +35,9 @@
 Patch4:	      pango-04-sunstudio.diff
 Patch5:	      pango-05-CVE-2011-0064.diff 
 
+#owner: Praveen date:2011-07-29 type:feature bugster:7032373
+Patch6:	      pango-06-CVE-2011-0020.diff
+
 
 URL:          http://www.gtk.org
 BuildRoot:    %{_tmppath}/%{name}-%{version}-build
@@ -84,6 +87,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 %ifos linux
@@ -159,6 +163,8 @@
 %{_mandir}/man3/*
 
 %changelog
+* Fri Jul 29 2011 - [email protected]
+- Added a new patch pango-06-CVE-2011-0020.diff to fix CR 7032373
 * Thu Mar 10 2011 - [email protected]
 - Added a new patch pango-05-CVE-2011-0064.diff to fix CR#7019951. 
 * Sat Apr  3 2010 - [email protected]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/pango-06-CVE-2011-0020.diff	Fri Jul 29 10:06:54 2011 +0000
@@ -0,0 +1,40 @@
+--- pango-1.28.0.orig/pango/pangoft2-render.c.orig	2011-07-15 04:02:47.327201380 +0530
++++ pango-1.28.0/pango/pangoft2-render.c	2011-07-15 04:07:22.339777218 +0530
+@@ -121,9 +121,14 @@ pango_ft2_font_render_box_glyph (int    
+ 
+   box->bitmap.width = width;
+   box->bitmap.rows = height;
+-  box->bitmap.pitch = height;
++  box->bitmap.pitch = width;
+ 
+-  box->bitmap.buffer = g_malloc0 (box->bitmap.rows * box->bitmap.pitch);
++  box->bitmap.buffer = g_malloc0_n (box->bitmap.rows, box->bitmap.pitch);
++  
++  if (G_UNLIKELY (!box->bitmap.buffer)) {
++      g_slice_free (PangoFT2RenderedGlyph, box);
++      return NULL;
++  }
+ 
+   /* draw the box */
+   for (j = 0; j < line_width; j++)
+@@ -226,6 +231,11 @@ pango_ft2_font_render_glyph (PangoFont *
+       rendered->bitmap_left = face->glyph->bitmap_left;
+       rendered->bitmap_top = face->glyph->bitmap_top;
+ 
++      if (G_UNLIKELY (!rendered->bitmap.buffer)) {
++         g_slice_free (PangoFT2RenderedGlyph, rendered);
++            return NULL;
++      }
++
+       return rendered;
+     }
+   else
+@@ -276,6 +286,8 @@ pango_ft2_renderer_draw_glyph (PangoRend
+   if (rendered_glyph == NULL)
+     {
+       rendered_glyph = pango_ft2_font_render_glyph (font, glyph);
++      if (rendered_glyph == NULL)
++         return;
+       add_glyph_to_cache = TRUE;
+     }
+
upstream/oracle/spec-files