freetype-cvs

[ft-cvs] freetype2 ./ChangeLog include/freetype/config/f...


From: David Turner
Subject: [ft-cvs] freetype2 ./ChangeLog include/freetype/config/f...
Date: Tue, 02 May 2006 06:34:27 +0000

CVSROOT:        /cvsroot/freetype
Module name:    freetype2
Branch:         
Changes by:     David Turner <address@hidden>   06/05/02 06:34:27

Modified files:
        .              : ChangeLog 
        include/freetype/config: ftconfig.h 
        include/freetype: fterrdef.h 
        include/freetype/internal: ftmemory.h 
        src/base       : ftdbgmem.c ftutil.c 

Log message:
        * include/freetype/fterrdef.h, include/freetype/config/ftconfig.h,
        include/freetype/internal/ftmemory.h, src/base/ftdbgmem.c,
        src/base/ftutil.c: updating the memory management functions and
        macros to safely deal with array size buffer overflows, this
        corresponds to attempts to allocate arrays that are too large. For
        an example, consider the following code:
        
        count = read_uint32_from_file();
        array = malloc( sizeof(Item) * count );
        for ( nn = 0; nn < count; nn++ )
          array[nn] = read_item_from_file();
        
        if 'count' is larger than FT_UINT_MAX/sizeof(Item), the multiplication
        will overflow and the array allocated will be smaller than the data
        read from the file. In this case, the heap will be trashed, and this
        can be used as a denial-of-service, or make the engine crash later.
        
        the FT_ARRAY_NEW and FT_ARRAY_RENEW macros now check that the new
        count is no more than FT_INT_MAX/item_size, otherwise, a new error,
        named 'FT_Err_Array_Too_Large' will be returned.
        
        note that the memory debugger now works again when FT_DEBUG_MEMORY
        is defined, and FT_STRICT_ALIASING has disappeared, the corresponding
        code being now the default.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/freetype/freetype2/ChangeLog.diff?tr1=1.1311&tr2=1.1312&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/freetype/freetype2/include/freetype/config/ftconfig.h.diff?tr1=1.49&tr2=1.50&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/freetype/freetype2/include/freetype/fterrdef.h.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/freetype/freetype2/include/freetype/internal/ftmemory.h.diff?tr1=1.47&tr2=1.48&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/freetype/freetype2/src/base/ftdbgmem.c.diff?tr1=1.34&tr2=1.35&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/freetype/freetype2/src/base/ftutil.c.diff?tr1=1.20&tr2=1.21&r1=text&r2=text
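
Added example (not part of the original commit message and not FreeType's code): the size wrap the log message describes, next to an allocator that rejects an oversized count before multiplying. The names Item, unchecked_size32, checked_array_alloc and the ERR_* codes are hypothetical; the bound INT_MAX / item_size mirrors the one stated in the message.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names here are hypothetical; this is not FreeType's implementation. */
typedef struct { uint32_t a, b, c, d; } Item;            /* 16 bytes */

enum { ERR_OK, ERR_INVALID_ARGUMENT, ERR_ARRAY_TOO_LARGE, ERR_OUT_OF_MEMORY };

/* Byte count an unchecked 32-bit multiplication asks for: it wraps mod 2^32,
   so a huge count can yield a tiny request. */
static uint32_t unchecked_size32(uint32_t count, uint32_t item_size)
{
    return count * item_size;
}

/* Checked allocation: compare count against INT_MAX / item_size (the bound
   the log message gives) before multiplying, so the product cannot wrap. */
static int checked_array_alloc(size_t item_size, uint32_t count, void **out)
{
    *out = NULL;
    if (item_size == 0)
        return ERR_INVALID_ARGUMENT;
    if (count > (size_t)INT_MAX / item_size)
        return ERR_ARRAY_TOO_LARGE;
    if (count == 0)
        return ERR_OK;                 /* nothing to allocate */
    *out = malloc(item_size * count);
    return *out ? ERR_OK : ERR_OUT_OF_MEMORY;
}

int main(void)
{
    uint32_t count = 0x10000001u;      /* constructed "count read from file" */
    void *array;

    printf("unchecked request: %u bytes for %u items\n",
           (unsigned)unchecked_size32(count, (uint32_t)sizeof(Item)),
           (unsigned)count);
    printf("checked result: %d\n",
           checked_array_alloc(sizeof(Item), count, &array));
    return 0;
}
```

With the constructed count 0x10000001 and a 16-byte item, the unchecked product is 16 bytes, so a fill loop over 'count' items would write far past the buffer; the checked path returns the too-large error without calling malloc.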



