GNOME Bugzilla – Bug 653571
Missing check when seeking in font
Last modified: 2011-06-30 08:26:25 UTC
gnome-font-viewer uses its own function vfs_stream_read() for reading/seeking in FT_Stream. Unfortunately, it doesn't check the offset against the stream size when seeking, so it can happen that it seeks beyond the stream but doesn't return an error (it uses lseek() at the end).

Another problem is that even if an error arises during seeking, the function doesn't return the correct value. It should return a value higher than zero (as ft_ansi_stream_io() does).

You can reproduce the problem by opening the font from the bottom of the page http://lists.nongnu.org/archive/html/freetype-devel/2011-06/msg00035.html in gnome-font-viewer. But you have to disable the freetype-2.4.2-CVE-2010-3311.patch patch in freetype2 if you use Fedora to see the problem.

The attached patch fixes this.

Marek
Created attachment 190858: the patch with check and correct return value
Review of attachment 190858: Thanks, looks good.
I've committed it to the master branch. Can I also commit it to the stable branch "gnome-3-0"?
Yes, feel free to push it there too.
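The two problems described in the report, shown side by side as an added example; this is not the attached patch or gnome-font-viewer's code. `struct demo_stream`, `io_unchecked()`, `io_checked()` and `demo_open()` are hypothetical names, the struct stands in for the FT_Stream fields so the block builds without FreeType headers, and the 16-byte stream is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical stand-in for the FT_Stream fields such a callback uses. */
struct demo_stream {
    int fd;              /* backing file descriptor */
    unsigned long size;  /* stream size in bytes */
};

/* Simplified unchecked variant: lseek() past EOF succeeds on a regular
 * file, so an out-of-range seek (count == 0) is reported as success (0). */
static unsigned long io_unchecked(struct demo_stream *s, unsigned long offset,
                                  unsigned char *buf, unsigned long count)
{
    if (lseek(s->fd, (off_t)offset, SEEK_SET) == (off_t)-1 || count == 0)
        return 0;
    ssize_t n = read(s->fd, buf, count);
    return n < 0 ? 0 : (unsigned long)n;
}

/* Checked variant: for a seek (count == 0) a non-zero return means error;
 * for a read the return value is the number of bytes read. */
static unsigned long io_checked(struct demo_stream *s, unsigned long offset,
                                unsigned char *buf, unsigned long count)
{
    if (offset > s->size ||
        lseek(s->fd, (off_t)offset, SEEK_SET) == (off_t)-1)
        return count == 0 ? 1 : 0;
    if (count == 0)
        return 0;
    ssize_t n = read(s->fd, buf, count);
    return n < 0 ? 0 : (unsigned long)n;
}

/* Create a constructed 16-byte stream in a temporary file. */
static int demo_open(struct demo_stream *s)
{
    unsigned char data[16] = {0};
    FILE *f = tmpfile();
    if (!f)
        return -1;
    s->fd = fileno(f);
    s->size = sizeof data;
    return write(s->fd, data, sizeof data) == (ssize_t)sizeof data ? 0 : -1;
}
```

Seeking to offset 1000 in the 16-byte stream returns 0 from `io_unchecked()` and a non-zero value from `io_checked()`.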