Re: [ft] FreeType 2.4.1 has been released

freetype

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ft] FreeType 2.4.1 has been released

From:	Michiel Kamermans
Subject:	Re: [ft] FreeType 2.4.1 has been released
Date:	Sat, 07 Aug 2010 11:51:24 -0700
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0

BTW, VUPEN lists "two vulnerabilities", but FreeType2
mentions "a vulnerability". Somebody may afraid that
another vulnerability is left in genuine FreeType2. This
is the difference of the modification part in Apple's
patch&  our patch. In Apple's patch, 2 stack checking
are inserted to 2 CFF operators increasing the stack.
In our patch, a stack checking is inserted after all
CFF operations, aslike existing stack checking for
CFF numerical objects.

Frankly, that makes the most sense. Technote 5177 on Type2 charstringsrather explicitly states the maximum allowed sizes for various aspectsof charstring parsing, pretty plainly stating that the normal argumentstack has max size 48, and the transient stack (for opcode programs) maxsize 32, so a push onto the stack should always be conditional onwhether or not it's already full... wonder why Apple decided tocompletely ignore that fact...


- Mike

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [ft] FreeType 2.4.1 has been released, Michiel Kamermans, 2010/08/06
- Re: [ft] FreeType 2.4.1 has been released, Werner LEMBERG, 2010/08/06
  - Re: [ft] FreeType 2.4.1 has been released, mpsuzuki, 2010/08/07
    - Re: [ft] FreeType 2.4.1 has been released, Werner LEMBERG, 2010/08/07
    - Re: [ft] FreeType 2.4.1 has been released, Michiel Kamermans <=

Prev by Date: Re: [ft] FreeType 2.4.1 has been released
Next by Date: Re: [ft] Stray pixel from FT_Outline_Get_Bitmap()?
Previous by thread: Re: [ft] FreeType 2.4.1 has been released
Next by thread: [ft] FreeType 2.4.2 has been released
Index(es):
- Date
- Thread