Re: [ft] Regression tests for integer overflow
From: Werner LEMBERG
Subject: Re: [ft] Regression tests for integer overflow
Date: Thu, 26 Apr 2007 08:46:16 +0200 (CEST)
> I want to write regression tests for the fixes in the 2.2.1 version.
>
> * src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
> gracefully.
> (_bdf_set_default_spacing): Increase `name' buffer size to 256
> and issue an error for longer names. This fixes
> CVE-2007-1351.
> (_bdf_parse_glyphs): Limit allowed number of glyphs in font to
> the number of code points in Unicode.
>
> For this, which library do I need to include?
Library? What library?
> And which high-level functions do I need to use?
FT_Open_Face was sufficient to trigger the bug, IIRC. I'm sending you
privately a font which makes the bug happen.
Werner
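
The two bounds named in the quoted ChangeLog (a 256-byte `name` buffer with an error for longer names, and a glyph count capped at the number of Unicode code points), with the boundary cases a regression test would pin down. This is an added example, not part of the original message and not FreeType's code; the function names, error codes and the inclusive glyph limit are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins; not FreeType's identifiers or error codes. */
#define NAME_BUF_SIZE   256         /* buffer size named in the ChangeLog */
#define UNICODE_POINTS  0x110000UL  /* code points U+0000..U+10FFFF */

enum { CHECK_OK = 0, CHECK_ERR_INVALID = 1 };

/* Copy a font name into a fixed buffer; reject names that do not fit
   (terminating NUL included) instead of truncating or overflowing. */
static int copy_font_name(char dst[NAME_BUF_SIZE], const char *src, size_t len)
{
    if (src == NULL || len >= NAME_BUF_SIZE)
        return CHECK_ERR_INVALID;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return CHECK_OK;
}

/* Reject a declared glyph count larger than the Unicode code space
   before it sizes an allocation. Assumption: the limit is inclusive. */
static int check_glyph_count(unsigned long declared)
{
    return declared > UNICODE_POINTS ? CHECK_ERR_INVALID : CHECK_OK;
}

/* Regression helper: feed a constructed name of `len` bytes and return the
   check result, or -1 if the guard byte behind the buffer was touched. */
static int name_case(size_t len)
{
    struct { char name[NAME_BUF_SIZE]; unsigned char guard; } s;
    static char src[2 * NAME_BUF_SIZE];
    int rc;

    if (len > sizeof src) return -1;
    memset(src, 'A', sizeof src);              /* constructed input */
    s.guard = 0x5A;
    rc = copy_font_name(s.name, src, len);
    if (s.guard != 0x5A) return -1;            /* write past the buffer */
    if (rc == CHECK_OK && strlen(s.name) != len) return -1;
    return rc;
}

int main(void)
{
    return (name_case(255) == CHECK_OK && name_case(256) == CHECK_ERR_INVALID &&
            check_glyph_count(UNICODE_POINTS + 1) == CHECK_ERR_INVALID) ? 0 : 1;
}
```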