Re: [ft] Regression tests for integer overflow


From: Werner LEMBERG
Subject: Re: [ft] Regression tests for integer overflow
Date: Thu, 26 Apr 2007 08:46:16 +0200 (CEST)

> I want to write regression tests for the fixes in the 2.2.1 version.
>
> * src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
>       gracefully.
>       (_bdf_set_default_spacing): Increase `name' buffer size to 256
>       and issue an error for longer names.  This fixes
>       CVE-2007-1351.
>       (_bdf_parse_glyphs): Limit allowed number of glyphs in font to
>       the number of code points in Unicode.
>
> For this, which library do I need to include?

Library?  What library?

> And which high-level functions do I need to use?

FT_Open_Face was sufficient to trigger the bug, IIRC.  I'm sending you
privately a font which makes the bug happen.


    Werner
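
Added example, not part of the original message and not FreeType's code: a self-contained C sketch of the two bounds named in the quoted ChangeLog entry (a 256-byte name buffer that rejects longer names, and a glyph count limited to the number of Unicode code points), with regression cases over constructed inputs. The function names, the result codes and the choice to accept a count exactly equal to the limit are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_SIZE 256          /* buffer size given in the ChangeLog entry */
#define MAX_GLYPHS    0x110000UL   /* number of code points in Unicode */

enum chk { CHK_OK, CHK_NAME_TOO_LONG, CHK_BAD_COUNT, CHK_TOO_MANY_GLYPHS };

/* Hypothetical helper: copy a font name, rejecting it rather than overflowing. */
static enum chk copy_font_name(const char *name, char out[NAME_BUF_SIZE]) {
    size_t len = strlen(name);
    if (len >= NAME_BUF_SIZE) return CHK_NAME_TOO_LONG;   /* no room for NUL */
    memcpy(out, name, len + 1);
    return CHK_OK;
}

/* Hypothetical helper: parse a decimal glyph count and bound it. */
static enum chk parse_glyph_count(const char *field, unsigned long *out) {
    char *end;
    unsigned long n;
    if (field[0] < '0' || field[0] > '9') return CHK_BAD_COUNT; /* sign, space, empty */
    errno = 0;
    n = strtoul(field, &end, 10);
    if (errno == ERANGE || *end != '\0') return CHK_BAD_COUNT;
    if (n > MAX_GLYPHS) return CHK_TOO_MANY_GLYPHS;
    *out = n;
    return CHK_OK;
}

/* Regression cases on constructed inputs; returns the number of failures. */
static int run_regression_cases(void) {
    char buf[NAME_BUF_SIZE], name[NAME_BUF_SIZE + 64];
    unsigned long n = 0;
    int failures = 0;
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    failures += copy_font_name(name, buf) != CHK_NAME_TOO_LONG;  /* 319 chars */
    name[NAME_BUF_SIZE - 1] = '\0';
    failures += copy_font_name(name, buf) != CHK_OK;             /* 255 chars fit */
    failures += parse_glyph_count("1114112", &n) != CHK_OK;      /* at the limit */
    failures += parse_glyph_count("1114113", &n) != CHK_TOO_MANY_GLYPHS;
    failures += parse_glyph_count("-1", &n) != CHK_BAD_COUNT;    /* would wrap in strtoul */
    failures += parse_glyph_count("99999999999999999999999", &n) != CHK_BAD_COUNT;
    return failures;
}

int main(void) {
    int failures = run_regression_cases();
    printf("%d failing case(s)\n", failures);
    return failures != 0;
}
```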



