kc3-lang/freetype

Diff

Show log
Commit
Hash : 264f307e
Author :
Date : 2006-05-02T06:34:27

* include/freetype/fterrdef.h, include/freetype/config/ftconfig.h, include/freetype/internal/ftmemory.h, src/base/ftdbgmem.c, src/base/ftutil.c: udpating the memory management functions and macros to safely deal with array size buffer overflows, this corresponds to attemps to allocate arrays that are too large. For an example, consider the following code: count = read_uint32_from_file(); array = malloc( sizeof(Item) * count ); for ( nn = 0; nn < count; nn++ ) array[nn] = read_item_from_file(); if 'count' is larger than FT_UINT_MAX/sizeof(Item), the multiplication will overflow and the array allocated will be smaller than the data read from the file. In this case, the heap will be trashed, and this can be used as a denial-of-service, or make the engine crash later. the FT_ARRAY_NEW and FT_ARRAY_RENEW macro now check that the new count is no more than FT_INT_MAX/item_size, otherwise, a new error, named 'FT_Err_Array_Too_Large' will be returned. note that the memory debugger now works again when FT_DEBUG_MEMORY is defined, and FT_STRICT_ALIASING has disappeared, the corresponding code being now the default.

Properties

Git HTTP	https://git.kmx.io/kc3-lang/freetype.git
Git SSH	git@git.kmx.io:kc3-lang/freetype.git
Public access ?	public
Description	https://gitlab.freedesktop.org/freetype/freetype
Users
Tags

README

  Special notes to Unix users
  ===========================

  Please  read  the file  `docs/UPGRADE.UNX'.   It contains  important
  information regarding the installation  of FreeType on Unix systems,
  especially GNU based operating systems like GNU/Linux.

  FreeType 2's  library is called `libfreetype',  FreeType 1's library
  is called `libttf'.  They are *not* compatible!


  FreeType 2.2
  ============

  Please   read   the  docs/CHANGES   file,   it  contains   IMPORTANT
  INFORMATION.

  Read the files `docs/INSTALL' for installation instructions.

  Note  that  the FreeType 2  documentation  (together with  signature
  files) is now available as a separate package from our sites.  Go to

    http://download.savannah.gnu.org/releases/freetype/

  and download one of the following files.

    freetype-doc-2.2.tar.bz2
    freetype-doc-2.2.tar.gz
    ftdoc22.zip


  Bugs
  ====

  Please report bugs  by e-mail to `freetype-devel@nongnu.org'.  Don't
  forget to  send a  detailed explanation of  the problem --  there is
  nothing  worse than  receiving a  terse message  that only  says `it
  doesn't work'.

  Alternatively, you may submit a bug report at

    https://savannah.nongnu.org/bugs/?group=freetype


  Enjoy!


    The FreeType Team

----------------------------------------------------------------------

Copyright 2001, 2002, 2003, 2004, 2006 by
David Turner, Robert Wilhelm, and Werner Lemberg.

This  file is  part of  the FreeType  project, and  may only  be used,
modified,  and distributed  under the  terms of  the  FreeType project
license,  LICENSE.TXT.  By  continuing to  use, modify,  or distribute
this file you  indicate that you have read  the license and understand
and accept it fully.


--- end of README ---

kc3-lang/freetype

Commit

Files

Properties

README