[Bug 489928] New: FreeType 2.3.8 is not binary compatible to version 2.3.7
bugzilla at redhat.com
bugzilla at redhat.com
Thu Mar 12 15:31:48 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: FreeType 2.3.8 is not binary compatible to version 2.3.7
https://bugzilla.redhat.com/show_bug.cgi?id=489928
Summary: FreeType 2.3.8 is not binary compatible to version
2.3.7
Product: Fedora
Version: rawhide
Platform: All
URL: http://sourceforge.net/project/shownotes.php?group_id=
3157&release_id=667610
OS/Version: Linux
Status: NEW
Severity: urgent
Priority: low
Component: freetype
AssignedTo: besfahbo at redhat.com
ReportedBy: xose.vazquez at gmail.com
QAContact: extras-qa at fedoraproject.org
CC: besfahbo at redhat.com, kevin at tigcc.ticalc.org,
fedora-fonts-bugs-list at redhat.com
Classification: Fedora
- Very unfortunately, FreeType 2.3.8 contained a change that broke
its official ABI. The end result is that programs compiled
against previous versions of the library, but dynamically linked
to 2.3.8 can experience memory corruption if they call the
`FT_Get_PS_Font_Info' function.
We recommend all users to upgrade to 2.3.9 as soon as possible,
or to downgrade to a previous release of the library if this is
not an option.
The origin of the bug is that a new field was added to the
publicly defined `PS_FontInfoRec' structure. Unfortunately,
objects of this type can be stack or heap allocated by callers
of `FT_Get_PS_Font_Info', resulting in a memory buffer
overwrite with its implementation in 2.3.8.
If you want to know whether your code is vulnerable to this
issue, simply search for the substrings `PS_FontInfo' and
`PS_Font_Info' in your source code. If none is found, your code
is safe and is not affected.
The FreeType team apologizes for the problem.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Fedora-fonts-bugs-list
mailing list