[ft-devel] Fw: iphone exploit in freetype

freetype-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ft-devel] Fw: iphone exploit in freetype

From:	Werner LEMBERG
Subject:	[ft-devel] Fw: iphone exploit in freetype
Date:	Mon, 11 Jul 2011 21:04:50 +0200 (CEST)

This is what I've received from Dirk as an answer.  No idea what
version of FreeType the iPhone people use...


    Werner

--- Begin Message --- Subject: iphone exploit in freetype Date: Fri, 8 Jul 2011 18:24:24 +0200 User-agent: KMail/1.13.6 (Linux/2.6.37.6-0.5-desktop; KDE/4.6.0; x86_64; ; )

Hi Werner, 

somebody pointed me at your question on the mailing list. 

I strongly believe that the issue was somehow fixed or mitigated by this 
commit: 

commit 6b3d00e1a0bc5033aeeab51912eda0aff6ed6e8b
Author: Werner Lemberg <address@hidden>
Date:   Tue Feb 3 21:34:29 2004 +0000

    * src/type1/t1load.c (parse_dict): Handle `RD' and `-|' commands
    outside of /Subrs or /CharStrings.  This can happen if there is
    additional code manipulating those two arrays so that FreeType
    doesn't recognize them properly.


which has been added in freetype 2.1.8. I can replicate a crash with 2.1.7 
(and it is fixed with this one patch), and it works for me as well for 2.1.8 
and beyond. 

Hope this helps. 

Greetings,
Dirk

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

[ft-devel] Fw: iphone exploit in freetype, Werner LEMBERG <=

Prev by Date: Re: [ft-devel] details on iPhone exploit caused by FreeType?
Next by Date: Re: [ft-devel] details on iPhone exploit caused by FreeType?
Previous by thread: [ft-devel] truetype metrics resize request question
Next by thread: [ft-devel] [PATCH] - Add FT_DISABLE_STREAM_SUPPORT to disable the use of file streaming functions for memory savings
Index(es):
- Date
- Thread